Lucene search
Veracode Vulnerability DatabaseVERACODE:20573HistoryJun 21, 2019 - 5:14 a.m.
Authentication Bypass
2019-06-2105:14:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.005 Low
EPSS
Percentile
76.9%
openid is vulnerable to authentication bypass which can be exploitable remotely depending on the way the OpenID integration is performed. The risk can be higher if the integration is done fully based on the example app provided by the project.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openid | eq | 0.0.1 | |
| ruby-openid | le | 2.70 | |
| openid | eq | 0.0.1 | |
| ruby-openid | le | 2.70 |
Related
debian
debian
[SECURITY] [DLA 1956-1] ruby-openid security update
2019-10-11 05:15:45
github
github
ruby-openid SSRF via claimed_id request
2019-06-13 16:15:56
osv
osv
ruby-openid SSRF via claimed_id request
2019-06-13 16:15:56
ruby-openid - security update
2019-10-11 00:00:00
CVE-2019-11027
2019-06-10 19:29:00
nessus
nessus
GLSA-202003-09 : OpenID library for Ruby: Server-Side Request Forgery
2020-03-16 00:00:00
Debian DLA-1956-1 : ruby-openid security update
2019-10-11 00:00:00
debiancve
debiancve
CVE-2019-11027
2019-06-10 19:29:00
gentoo
gentoo
OpenID library for Ruby: Server-Side Request Forgery
2020-03-14 00:00:00
cve
cve
CVE-2019-11027
2019-06-10 19:29:00
redhatcve
redhatcve
CVE-2019-11027
2020-03-06 16:11:02
ubuntucve
ubuntucve
CVE-2019-11027
2019-06-10 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1956-1)
2019-10-12 00:00:00
prion
prion
Design/Logic Flaw
2019-06-10 19:29:00
cvelist
cvelist
CVE-2019-11027
2019-06-10 18:57:09
nvd
nvd
CVE-2019-11027
2019-06-10 19:29:00