Oauth Identity Xwiki Oauth Identity

Do you want an email whenever new security vulnerabilities are reported in Xwiki Oauth Identity?

By the Year

In 2023 there have been 1 vulnerability in Xwiki Oauth Identity with an average score of 9.6 out of ten. Oauth Identity did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.

Year Vulnerabilities Average Score
2023 1 9.60
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Oauth Identity vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Xwiki Oauth Identity Security Vulnerabilities

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations

CVE-2023-45144 9.6 - Critical - October 16, 2023

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Xwiki Oauth Identity or by Xwiki? Click the Watch button to subscribe.

Xwiki
Vendor

subscribe