Vulnerabilities > Auth0

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-29172 Cross-site Scripting vulnerability in Auth0 Lock
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce.
network
high complexity
auth0 CWE-79
2.6
2022-03-31 CVE-2022-24794 Open Redirect vulnerability in Auth0 Express Openid Connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect.
network
auth0 CWE-601
5.8
2021-12-16 CVE-2021-43812 Open Redirect vulnerability in Auth0 Nextjs-Auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications.
network
auth0 CWE-601
5.8
2021-12-09 CVE-2021-41246 Session Fixation vulnerability in Auth0 Express Openid Connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect.
network
auth0 CWE-384
6.8
2021-06-25 CVE-2021-32702 Cross-site Scripting vulnerability in Auth0 Nextjs-Auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications.
network
auth0 CWE-79
4.3
2021-06-04 CVE-2021-32641 Cross-site Scripting vulnerability in Auth0 Lock
auth0-lock is Auth0's sign-in solution.
network
auth0 CWE-79
4.3
2020-11-06 CVE-2020-15259 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Ad/Ldap Connector
The ad-ldap-connector admin panel before version 5.0.13 does not provide CSRF protection; exploiting this may result in remote code execution or confidential data loss.
network
auth0 CWE-352
6.8
2020-10-21 CVE-2020-15240 Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method.
network
auth0 CWE-347
5.8
2020-08-20 CVE-2020-15119 Cross-site Scripting vulnerability in Auth0 Lock
In auth0-lock versions up to and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM.
network
auth0 CWE-79
3.5
2020-07-29 CVE-2020-15125 Information Exposure Through an Error Message vulnerability in Auth0
In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys is used to sanitize the request object contained in the error object.
network
low complexity
auth0 CWE-209
4.0