CVEdetails.com the ultimate security vulnerability data source
Auth0 : Security Vulnerabilities

Each entry gives the CVE ID, CWE ID, vulnerability type(s) where assigned, publish and update dates, CVSS score, gained access level, access vector, access complexity, authentication requirement, and confidentiality/integrity/availability impact. The exploit-count column is empty for every entry, and "???" is the site's marker for a value it does not record.
1. CVE-2021-43812 | CWE-601 | Published 2021-12-16, updated 2021-12-22 | CVSS 5.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: None
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login URL, which exposes the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
2. CVE-2021-41246 | CWE-384 | Published 2021-12-09, updated 2021-12-14 | CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
Express OpenID Connect is Express.js middleware implementing sign-on for Express web apps using OpenID Connect. Versions up to and including `2.5.1` do not regenerate the session ID and session cookie when a user logs in. This behavior opens the application up to various session fixation vulnerabilities. Version `2.5.2` contains a patch for this issue.
3. CVE-2021-32702 | CWE-79 | Type: Exec Code, XSS | Published 2021-06-25, updated 2021-07-01 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions up to and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter, which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower, **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and should not impact your users.
4. CVE-2021-32641 | CWE-79 | Type: Exec Code, XSS | Published 2021-06-04, updated 2021-06-16 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
auth0-lock is Auth0's sign-in solution. Versions of auth0-lock up to and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is used and user input or data from URL parameters is incorporated into the `flashMessage`, or when the library's `languageDictionary` feature is used and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1.
5. CVE-2020-15259 | CWE-352 | Type: Exec Code, CSRF | Published 2020-11-06, updated 2020-11-18 | CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
ad-ldap-connector's admin panel before version 5.0.13 does not provide CSRF protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing a CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions <= 5.0.12. If you do not have the ad-ldap-connector admin console enabled, or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13.
6. CVE-2020-15240 | CWE-347 | Type: Bypass | Published 2020-10-21, updated 2021-11-18 | CVSS 5.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: None
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply:
1. You are using `omniauth-auth0`.
2. You are using the `JWTValidator.verify` method directly OR you are not authenticating using the SDK's default Authorization Code Flow.
The issue is patched in version 2.4.1.
7. CVE-2020-15125 | CWE-209 | Published 2020-07-29, updated 2020-08-03 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for the Authorization header is not sanitized, and in certain cases the Authorization header value can be logged, exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package and you are using a Machine to Machine application authorized to use Auth0's Management API.
8. CVE-2020-15119 | CWE-79 | Type: XSS | Published 2020-08-20, updated 2020-08-25 | CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf: None | Integ: Partial | Avail: None
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.
9. CVE-2020-15084 | CWE-285 | Type: Bypass | Published 2020-06-30, updated 2020-07-08 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
In express-jwt (NPM package) up to and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, in combination with jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply:
- You are using express-jwt.
- You do not have **algorithms** configured in your express-jwt configuration.
- You are using libraries such as jwks-rsa as the **secret**.
You can fix this by specifying **algorithms** in the express-jwt configuration. See the linked GHSA for an example. This is also fixed in version 6.0.0.
10. CVE-2020-7948 | Published 2020-04-01, updated 2020-04-02 | CVSS 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: Partial | Avail: Partial
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.
11. CVE-2020-7947 | CWE-74 | Published 2020-04-01, updated 2021-07-21 | CVSS 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the user data is exported. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
12. CVE-2020-6753 | CWE-79 | Type: XSS | Published 2020-04-01, updated 2020-04-01 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
13. CVE-2020-5392 | CWE-79 | Type: XSS | Published 2020-04-01, updated 2020-04-01 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.
14. CVE-2020-5391 | CWE-352 | Type: CSRF | Published 2020-04-01, updated 2020-04-01 | CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.
15. CVE-2020-5263 | CWE-522 | Published 2020-04-09, updated 2020-04-10 | CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3.
16. CVE-2019-20174 | CWE-79 | Type: XSS | Published 2020-02-03, updated 2020-02-05 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
17. CVE-2019-20173 | CWE-79 | Type: XSS | Published 2020-02-05, updated 2020-02-07 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
18. CVE-2019-16929 | CWE-287 | Published 2019-10-08, updated 2019-10-17 | CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
19. CVE-2019-13483 | CWE-345 | Type: Bypass | Published 2019-07-25, updated 2019-07-31 | CVSS 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.
20. CVE-2019-7644 | CWE-209 | Published 2019-04-11, updated 2020-08-24 | CVSS 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application.
21. CVE-2018-15121 | CWE-352 | Type: CSRF | Published 2018-08-29, updated 2018-11-08 | CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
22. CVE-2018-11537 | CWE-20 | Type: Bypass | Published 2018-06-19, updated 2018-08-23 | CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
23. CVE-2018-7307 | CWE-352 | Type: CSRF | Published 2018-03-06, updated 2018-03-28 | CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
24. CVE-2018-6874 | CWE-352 | Type: CSRF | Published 2018-04-04, updated 2018-05-15 | CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
25. CVE-2018-6873 | CWE-287 | Published 2018-04-04, updated 2019-10-03 | CVSS 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.
26. CVE-2017-17068 | CWE-200 | Type: +Info | Published 2017-12-06, updated 2021-04-28 | CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
27. CVE-2017-16897 | CWE-290 | Published 2017-12-27, updated 2019-10-03 | CVSS 9.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).
28. CVE-2015-9235 | CWE-327 | Type: Bypass | Published 2018-05-29, updated 2019-10-09 | CVSS 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
In the jsonwebtoken node module before 4.2.2, it is possible for an attacker to bypass verification when a token should be digitally signed with an asymmetric key (RS/ES family of algorithms) but the attacker instead sends a token digitally signed with a symmetric algorithm (HS* family).
Total number of vulnerabilities: 28 (page 1)