Vulnerabilities > Auth0

DATE CVE VULNERABILITY TITLE RISK
2020-11-06 CVE-2020-15259 Unspecified vulnerability in Auth0 Ad/Ldap Connector
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss.
network
low complexity
auth0
8.8
2020-10-21 CVE-2020-15240 Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method.
network
low complexity
auth0 CWE-347
critical
9.1
2020-08-20 CVE-2020-15119 Cross-site Scripting vulnerability in Auth0 Lock
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM.
network
low complexity
auth0 CWE-79
5.4
2020-07-29 CVE-2020-15125 Information Exposure Through an Error Message vulnerability in Auth0 Auth0.Js
In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used.
network
low complexity
auth0 CWE-209
7.7
2020-06-30 CVE-2020-15084 Incorrect Authorization vulnerability in Auth0 Express-Jwt
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced.
network
low complexity
auth0 CWE-863
critical
9.1
2020-04-09 CVE-2020-5263 Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability.
network
low complexity
auth0 CWE-522
4.9
2020-04-01 CVE-2020-7948 Unspecified vulnerability in Auth0 Login BY Auth0
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress.
network
low complexity
auth0
8.8
2020-04-01 CVE-2020-7947 Improper Neutralization of Formula Elements in a CSV File vulnerability in Auth0 Login BY Auth0
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress.
network
low complexity
auth0 CWE-1236
critical
9.8
2020-04-01 CVE-2020-6753 Cross-site Scripting vulnerability in Auth0 Login BY Auth0
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
network
low complexity
auth0 CWE-79
6.1
2020-04-01 CVE-2020-5392 Cross-site Scripting vulnerability in Auth0 Wp-Auth0
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.
network
low complexity
auth0 CWE-79
6.1