PT-2020-13413 · Oauth+1
Published: 2020-06-19 · Updated: 2024-03-06
CVE-2020-13272
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OAuth versions 12.3 through 13.0.1
Description
The OAuth flow is missing verification checks, which allows an unverified user to use the OAuth authorization code flow.
Recommendations
For versions 12.3 through 13.0.1, update to a version that includes the necessary verification checks in the OAuth flow to prevent unauthorized access.
Weakness Enumeration
Insufficient Verification of Data Authenticity
Related Identifiers
Affected Products
GitLab
OAuth