Vulnerabilities > Auth0 > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-12-23 | CVE-2022-23539 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Auth0 Jsonwebtoken | Versions `<=8.5.1` of the `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. | network | low | auth0 | CWE-327 | 8.1 |
| 2022-12-22 | CVE-2022-23540 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Jsonwebtoken | In versions `<=8.5.1` of the `jsonwebtoken` library, lack of an algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. | network | low | auth0 | CWE-347 | 7.6 |
| 2022-12-13 | CVE-2022-23505 | Unspecified vulnerability in Auth0 Passport-Wsfed-Saml2 | Passport-wsfed-saml2 is a WS-Federation protocol and SAML2 token authentication provider for Passport. | network | low | auth0 | | 7.5 |
| 2021-12-09 | CVE-2021-41246 | Session Fixation vulnerability in Auth0 Express Openid Connect | Express OpenID Connect is Express.js middleware implementing sign-on for Express web apps using OpenID Connect. | network | low | auth0 | CWE-384 | 8.8 |
| 2020-11-06 | CVE-2020-15259 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Ad/Ldap Connector | The ad-ldap-connector admin panel before version 5.0.13 does not provide CSRF protection, which when exploited may result in remote code execution or confidential data loss. | network | low | auth0 | CWE-352 | 8.8 |
| 2020-07-29 | CVE-2020-15125 | Information Exposure Through an Error Message vulnerability in Auth0 Auth0.Js | In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. | network | low | auth0 | CWE-209 | 7.7 |
| 2020-04-01 | CVE-2020-7948 | Unspecified vulnerability in Auth0 Login BY Auth0 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. | network | low | auth0 | | 8.8 |
| 2020-04-01 | CVE-2020-5391 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Wp-Auth0 | Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. | network | low | auth0 | CWE-352 | 8.8 |
| 2019-10-08 | CVE-2019-16929 | Improper Authentication vulnerability in Auth0 Auth0.Net | Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. | network | low | auth0 | CWE-287 | 7.5 |
| 2019-07-25 | CVE-2019-13483 | Insufficient Verification of Data Authenticity vulnerability in Auth0 Passport-Sharepoint 0.3.0 | Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. | network | low | auth0 | CWE-345 | 7.3 |