Количество 3
Количество 3
CVE-2023-49104
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker.
GHSA-phfx-x4q3-w99v
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker.
BDU:2023-08351
Уязвимость конфигурации «Allow Subdomains» платформы авторизации OAuth2, позволяющая нарушителю обойти ограничения безопасности и перенаправить пользователя на произвольный URL-адрес
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-49104 An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. | CVSS3: 8.7 | 0% Низкий | около 2 лет назад |
| GHSA-phfx-x4q3-w99v An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. | CVSS3: 8.7 | 0% Низкий | около 2 лет назад |
 | BDU:2023-08351 Уязвимость конфигурации «Allow Subdomains» платформы авторизации OAuth2, позволяющая нарушителю обойти ограничения безопасности и перенаправить пользователя на произвольный URL-адрес | CVSS3: 8.7 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу