Security Headlines

Tag: #csrf

GHSA-7r7x-4c4q-c4qf: Missing proper state, nonce and PKCE checks for OAuth authentication

### Impact

`next-auth` applications using OAuth provider versions before `v4.20.1` are affected. A bad actor who can spy on the victim's network, or who can social engineer the victim into clicking a manipulated login link, could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. As an example, an attack can happen in the following scenario.

> TL;DR: The attacker steals the victim's authenticated callback by intercepting and tampering with the authorization URL created by `next-auth`.

1. The victim attempts to log in to the `next-auth` site. For example https://next-auth-example.vercel.app/
2. `next-auth` sets the `checks` cookies according to how the OAuth provider is configured. In this case, `state` and `pkce` are set by default for the Google Provider.

   [Screenshot: "Screen Shot 2023-03-03 at 09 54 26"]

3. The at...

Source: ghsa. Tags: #csrf #vulnerability #google #nodejs #js #git #oauth #auth
GHSA-3g43-x7qr-96ph: Possible CSRF token fixation

### Impact

When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable `same-site attackers` to bypass the CSRF protection mechanism by performing an attack similar to a session fixation.

### Patches

The problem is fixed in version 8.0.1.

CVE-2023-25170: Possible CSRF token fixation

PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. The problem is fixed in version 8.0.1.

CVE-2023-22700: WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 9.3.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions.

CVE-2023-23711: WordPress A2 Optimized WP plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optimized WP plugin <= 3.0.4 versions.

CVE-2023-25973: WordPress Auto Affiliate Links plugin <= 6.3.0.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.

CVE-2022-47166: WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions.

CVE-2022-47440: WordPress My Tickets plugin <= 1.9.10 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions.