aeneasr

4 exploits Active since Feb 2019
CVE-2019-8400 WRITEUP MEDIUM WRITEUP
ORY Hydra < v1.0.0-rc.3+oryOS.9 - Reflected Cross-Site Scripting via OAuth2 Error Hint Parameter
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.
CVSS 6.1
CVE-2020-15233 WRITEUP MEDIUM WRITEUP
ORY Fosite 0.30.2-0.34.0 - Open Redirect via Loopback Adapter
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1.
CVSS 6.1
CVE-2020-15234 WRITEUP MEDIUM WRITEUP
ORY Fosite < 0.34.1 - Open Redirect via Case-Insensitive URL Comparison
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint where compared using strings.ToLower while they should have been compared with a simple string match. This allows an attacker to register a client with allowed redirect URL https://example.com/callback. Then perform an OAuth2 flow and requesting redirect URL https://example.com/CALLBACK. Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request for example). This vulnerability has been patched in ORY Fosite v0.34.1.
CVSS 6.1
CVE-2020-36564 WRITEUP HIGH WRITEUP
nosurf < 1.1.1 - Improper Input Validation
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.
CVSS 7.5