CVE-2022-36087 OAuthLib is a library for OAuth request signing. An attacker with a malicious redirect URI can cause DoS.
CVE-2019-8678 An attacker can bypass the authorization workflow and steal sensitive data by injecting a malicious redirect URI into the flow. OAuthLib apps that use `uri_validate`
CVE-2022-31162 Slack OAuth client information can leak in application debug logs before 0.41.0.
If you encounter issues while debugging an application, search for any application logs that contain the word “OAuth” and review the information being printed. An
CVE-2022-30622 The system discloses usernames and passwords, which means it's possible to enter the system. The system loads the request clearly by default.
The server code is very vulnerable, as it is described in the following example. In addition, the server has hard-coded authentication credentials (admin/admin). Path
CVE-2022-2133 OAuth plugin before 6.22.6 doesn't validate token requests, which allows attackers to log into the site with a user's email address.
This access token can then be used to request any type of resource on the website that the user has access to. This could be
CVE-2022-31107 Grafana is an open-source platform for monitoring and observability
as that user. This allows the malicious user to gain access to all of the Grafana data for the target user's account and