CVE-2017-17068
HIGH
7.5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM
5.0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score: 0.0033
Percentile: 0.6th
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
Application
auth0.js by Auth0
Version Range Affected: to 8.12 (exclusive)
CPE Identifier
cpe:2.3:a:auth0:auth0.js:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017…
https://auth0.com/docs/security/bulletins/cve-2017-17068