CVE-2022-31679 An attacker can access HTTP PATCH requests to the REST API in 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older versions if they know the structure of the domain model.
For example, they can use this technique to cause a service to generate a new revision of a given entity every time an HTTP request
CVE-2022-36087 OAuthLib is a library for OAuth request signing. An attacker with a malicious redirect URI can cause DoS.
CVE-2019-8678 An attacker can bypass authorization workflow and steal sensitive data by injecting malicious redirect URI into the flow. OAuthLib apps that use
CVE-2022-31162 Slack OAuth client information can leak in application debug logs before 0.41.0.
If you encounter issues while debugging an application, search for any application logs that contain the word “OAuth” and review the information being printed. An
CVE-2022-30622 The system discloses usernames and passwords, which means it's possible to enter the system. The system loads the request clearly by default.
The server code is very vulnerable, as it is described in the following example. In addition, the server has hard-coded authentication credentials (admin/admin)
CVE-2022-2133 OAuth plugin before 6.22.6 doesn't validate token requests, which allows attackers to log into the site with a user's email address.
This access token can then be used to request any type of resource on the website that the user has access to. This could be