Lucene search
Redhat.comRH:CVE-2020-7692HistoryJul 13, 2020 - 1:52 p.m.
CVE-2020-7692
2020-07-1313:52:00
redhat.com
access.redhat.com
14
oauth 2.0
pkce
native apps
authorization server
google oauth client
security vulnerability
EPSS
0.007
Percentile
79.8%
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
Related
osv
osv
Improper Authorization in Google OAuth Client
2021-09-28 16:16:52
CVE-2020-7692
2020-07-09 14:15:11
Code Injection in oauth2-server
2021-04-22 15:53:45
ibm
ibm
nvd
nvd
CVE-2020-7692
2020-07-09 14:15:11
CVE-2017-18924
2020-10-04 05:15:12
ubuntucve
ubuntucve
CVE-2020-7692
2020-07-09 00:00:00
debiancve
debiancve
CVE-2020-7692
2020-07-09 14:15:11
github
github
Improper Authorization in Google OAuth Client
2021-09-28 16:16:52
Code Injection in oauth2-server
2021-04-22 15:53:45
nessus
nessus
JFrog Artifactory < 7.10.2 Authentication Bypass
2020-12-16 00:00:00
JFrog < 6.23.0 Multiple Vulnerabilities
2021-03-12 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2023:6172)
2024-04-28 00:00:00
cvelist
cvelist
CVE-2020-7692 Improper Authorization
2020-07-09 13:20:16
CVE-2017-18924
2020-10-04 04:38:47
cve
cve
CVE-2020-7692
2020-07-09 14:15:11
CVE-2017-18924
2020-10-04 05:15:12
veracode
veracode
Improper Authorization
2020-07-13 05:26:51
prion
prion
Authorization
2020-07-09 14:15:00
Authorization
2020-10-04 05:15:00
redhat
redhat