An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
References
Link | Resource |
---|---|
https://auth0.com/docs/security/bulletins/cve-2018-15121 | Vendor Advisory |
https://auth0.com/docs/security/bulletins/cve-2018-15121 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://auth0.com/docs/security/bulletins/cve-2018-15121 - Vendor Advisory |
Information
Published : 2018-08-29 03:29
Updated : 2024-11-21 03:50
NVD link : CVE-2018-15121
Mitre link : CVE-2018-15121
CVE.ORG link : CVE-2018-15121
JSON object : View
Products Affected
auth0
- aspnet
- aspnet-owin
CWE
CWE-352
Cross-Site Request Forgery (CSRF)