PT-2023-4017 · Miniorange · Miniorange Oauth Single Sign On – Sso

István Márton +1 · Published 2023-05-24 · Updated 2023-07-27 · CVE-2022-34155

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin versions through 6.23.3

Description

The issue is related to an Improper Authentication vulnerability in the miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin, which allows Authentication Bypass. This can enable a remote attacker to bypass existing security restrictions.

Recommendations

For versions through 6.23.3, update to a version later than 6.23.3 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-04315
CVE-2022-34155

Affected Products

Miniorange Oauth Single Sign On – Sso