PT-2024-15959 · Okta · Workforce Identity Cloud+2
Published: 2024-07-23 · Updated: 2024-08-29 · CVE-2024-0981
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Okta Browser Plugin versions 6.5.0 through 6.31.0
Description
The Okta Browser Plugin has a cross-site scripting (XSS) flaw that occurs when the plugin prompts the user to save credentials within Okta Personal. The issue is resolved by properly escaping fields. If Okta Personal is not added to the plugin for multi-account view, the Workforce Identity Cloud plugin is not affected.
Recommendations
For Okta Browser Plugin versions 6.5.0 through 6.31.0, update to version 6.32.0 to fix the issue.
As a temporary workaround, consider avoiding the use of Okta Personal with the plugin until the update is applied.
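To apply the version range and the Okta Personal condition above across a fleet, the following added example (not Okta's or the advisory's code) triages an extension inventory. The CSV layout, host names and status labels are assumptions constructed for illustration.

```python
import csv
import io

AFFECTED_MIN = (6, 5, 0)    # first affected version per the advisory
AFFECTED_MAX = (6, 31, 0)   # last affected version per the advisory
FIXED = (6, 32, 0)          # version that resolves the issue

# Constructed sample inventory; column names are assumptions.
SAMPLE_INVENTORY = """host,plugin_version,okta_personal_added
wks-001,6.31.0,yes
wks-002,6.5.0,no
wks-003,6.32.0,yes
wks-004,6.4.9,yes
wks-005,6.31.1,yes
wks-006,6.x,yes
"""

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, okta_personal_added):
    """Classify one plugin install against the advisory's stated range."""
    version = parse_version(version_text)
    if version is None:
        return "unknown-version"
    # Compare as integer tuples: as strings, "6.5.0" sorts after "6.31.0".
    if version >= FIXED:
        return "fixed"
    if version < AFFECTED_MIN:
        return "below-affected-range"
    if version > AFFECTED_MAX:
        return "not-listed-review"  # between 6.31.0 and 6.32.0, not covered
    if okta_personal_added:
        return "exposed-update-now"
    return "in-range-personal-not-added"

def triage(inventory_csv):
    """Map each host to its status for this advisory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        added = row["okta_personal_added"].strip().lower() == "yes"
        results[row["host"]] = classify(row["plugin_version"], added)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `in-range-personal-not-added` still run a version the advisory says to update to 6.32.0.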
Fix
XSS
Affected Products
Okta Browser Plugin
Okta Personal
Workforce Identity Cloud