CVE-2017-17068

Опубликовано: 06 дек. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().

Ссылки

https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068/
Exploit
Issue Tracking
Third Party Advisory
https://auth0.com/docs/security/bulletins/cve-2017-17068
Issue Tracking
Vendor Advisory
https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068/
Exploit
Issue Tracking
Third Party Advisory
https://auth0.com/docs/security/bulletins/cve-2017-17068
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:auth0:auth0.js:*:*:*:*:*:*:*:*

Версия до 8.12 (исключая)

EPSS

Процентиль: 55%

0.00329

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-3rpr-mg43-xhq4