CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Percentile: 44.5%
league/oauth2-server is vulnerable to authentication bypass. The vulnerability exists in the LogicException parameter of CryptKey.php: when the key is passed as a string, the key is exposed in the exception message, which allows an attacker to bypass authentication mechanisms and access sensitive information in the system.