Auth0 : Security Vulnerabilities, CVEs, Published In 2019 CVSS score >= 7

CVE-2019-16929

Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-10-08
Updated
2019-10-17

CVE-2019-13483

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.
Max CVSS
7.5
EPSS Score
0.09%
Published
2019-07-25
Updated
2019-07-31

CVE-2019-7644

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application.
Max CVSS
9.8
EPSS Score
0.22%
Published
2019-04-11
Updated
2020-08-24
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close