Security Advisory

CVE-2018-15121

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-08-29 03:00:00

Last updated 2024-08-05 09:46:25

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.

← Browse all CVEs View on cve.org ↗