CVE-2022-39387 – XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication
https://notcve.org/view.php?id=CVE-2022-39387
XWiki OIDC provides various tools for using the OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to supply the details of a third-party provider through request parameters. One can then bypass XWiki authentication altogether by specifying one's own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider through oidc.xwikiprovider). With the same approach, one could also supply a specific group mapping through oidc.groups.mapping that would make the attacker's user automatically a member of XWikiAdminGroup. This issue has been patched; please upgrade to 1.29.1.
References:
https://github.com/xwiki-contrib/oidc/commit/0247af1417925b9734ab106ad7cd934ee870ac89
https://github.com/xwiki-contrib/oidc/security/advisories/GHSA-m7gv-v8xx-v47w
https://jira.xwiki.org/browse/OIDC-118
Weakness: CWE-287: Improper Authentication
CVE-2019-9837
https://notcve.org/view.php?id=CVE-2019-9837
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (one that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.
References:
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/master/CHANGELOG.md
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
Weakness: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')