CVE-2020-7692

Опубликовано: 09 июл. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.4

CVSS3: 7.4

Описание

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.

Релиз	Статус	Примечание
bionic	DNE
devel	needs-triage
eoan	DNE
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	ignored	end of life
hirsute	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%

0.00084

Низкий

6.4 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

CVE-2020-7692

CVSS3: 7.4

redhat

больше 5 лет назад

CVE-2020-7692

CVSS3: 7.4

nvd

больше 5 лет назад

CVE-2020-7692

CVSS3: 7.4

debian

больше 5 лет назад

PKCE support is not implemented in accordance with the RFC for OAuth 2 ...

GHSA-f263-c949-w85g

CVSS3: 7.4

github

больше 4 лет назад

Improper Authorization in Google OAuth Client

EPSS

Процентиль: 25%

0.00084

Низкий

6.4 Medium

CVSS2

7.4 High

CVSS3

CVE-2020-7692

Описание

Пакет google-oauth-client-java

Ссылки на источники

Связанные уязвимости