CVE-2018-15121

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:auth0:aspnet:-:*:*:*:*:*:*:*
cpe:2.3:a:auth0:aspnet-owin:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:50

Type Values Removed Values Added
References () https://auth0.com/docs/security/bulletins/cve-2018-15121 - Vendor Advisory () https://auth0.com/docs/security/bulletins/cve-2018-15121 - Vendor Advisory

Information

Published : 2018-08-29 03:29

Updated : 2024-11-21 03:50


NVD link : CVE-2018-15121

Mitre link : CVE-2018-15121

CVE.ORG link : CVE-2018-15121


JSON object : View

Products Affected

auth0

  • aspnet
  • aspnet-owin
CWE
CWE-352

Cross-Site Request Forgery (CSRF)