CVE-2024-12056
Description
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2024-12056? +
How do I check if I'm vulnerable to CVE-2024-12056? +
Related Vulnerabilities
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via …
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via …
Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a …
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory …