Vulnerabilities > Auth0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-04-04 | CVE-2018-6873 | Improper Authentication vulnerability in Auth0 Auth0.Js | The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. | network, low complexity, auth0 CWE-287, 7.5 |
| 2018-03-06 | CVE-2018-7307 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js | The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. | network, auth0 CWE-352, 6.8 |
| 2017-12-27 | CVE-2017-16897 | Authentication Bypass by Spoofing vulnerability in Auth0 Passport-Wsfed-Saml2 | A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. | network, auth0 CWE-290, critical, 9.3 |
| 2017-12-06 | CVE-2017-17068 | Information Exposure vulnerability in Auth0 Auth0.Js | A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. | network, low complexity, auth0 CWE-200, 5.0 |