Vulnerabilities > Auth0 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-23541 | Unspecified vulnerability in Auth0 Jsonwebtoken jsonwebtoken is an implementation of JSON Web Tokens. | 6.3 |
| 2022-05-05 | CVE-2022-29172 | Cross-site Scripting vulnerability in Auth0 Lock Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. | 6.1 |
| 2022-03-31 | CVE-2022-24794 | Open Redirect vulnerability in Auth0 Express Openid Connect Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. | 5.8 |
| 2021-12-16 | CVE-2021-43812 | Open Redirect vulnerability in Auth0 Nextjs-Auth0 The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. | 5.8 |
| 2021-12-09 | CVE-2021-41246 | Session Fixation vulnerability in Auth0 Express Openid Connect Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. | 6.8 |
| 2021-06-25 | CVE-2021-32702 | Cross-site Scripting vulnerability in Auth0 Nextjs-Auth0 The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. | 6.1 |
| 2021-06-04 | CVE-2021-32641 | Cross-site Scripting vulnerability in Auth0 Lock auth0-lock is Auth0's signin solution. | 4.3 |
| 2020-11-06 | CVE-2020-15259 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Ad/Ldap Connector ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. | 6.8 |
| 2020-10-21 | CVE-2020-15240 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0 omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. | 5.8 |
| 2020-07-29 | CVE-2020-15125 | Information Exposure Through an Error Message vulnerability in Auth0 In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. | 4.0 |