Vulnerabilities > Auth0

DATE CVE VULNERABILITY TITLE RISK
2018-04-04 CVE-2018-6873 Improper Authentication vulnerability in Auth0 Auth0.Js
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.
network
low complexity
auth0 CWE-287
critical
9.8
2018-03-06 CVE-2018-7307 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
network
low complexity
auth0 CWE-352
8.8
2017-12-27 CVE-2017-16897 Authentication Bypass by Spoofing vulnerability in Auth0 Passport-Wsfed-Saml2
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5.
network
high complexity
auth0 CWE-290
8.1
2017-12-06 CVE-2017-17068 Information Exposure vulnerability in Auth0 Auth0.Js
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12.
network
low complexity
auth0 CWE-200
7.5