CWE-290
Authentication Bypass by Spoofing
Description
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-21 · CAPEC-22 · CAPEC-459 · CAPEC-461 · CAPEC-473 · CAPEC-476 · CAPEC-59 · CAPEC-60 · CAPEC-667 · CAPEC-94
CVEs mapped to this weakness (280)
page 14 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-39227 | — | 0.00 | — | 0.04 | Sep 23, 2022 | python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its… | ||
| CVE-2022-35957 | 0.00 | — | 0.01 | Sep 20, 2022 | Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the… | |||
| CVE-2022-2368 | 0.00 | — | 0.01 | Jul 11, 2022 | Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | |||
| CVE-2022-29165 | 0.00 | — | 0.02 | May 20, 2022 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user… | |||
| CVE-2022-24858 | 0.00 | — | 0.01 | Apr 19, 2022 | next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks… | |||
| CVE-2021-43807 | 0.00 | — | 0.01 | Dec 14, 2021 | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP… | |||
| CVE-2020-19003 | — | 0.00 | — | 0.01 | Oct 6, 2021 | An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. | ||
| CVE-2021-20278 | — | 0.00 | — | 0.01 | May 28, 2021 | An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used… | ||
| CVE-2020-27847 | — | 0.00 | — | 0.02 | May 28, 2021 | A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system… | ||
| CVE-2021-21310 | 0.00 | — | 0.02 | Feb 11, 2021 | NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted.… | |||
| CVE-2020-17516 | — | 0.00 | — | 0.02 | Feb 3, 2021 | Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the… | ||
| CVE-2020-26276 | 0.00 | — | 0.02 | Dec 17, 2020 | Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP. Users… | |||
| CVE-2020-26254 | 0.00 | — | 0.01 | Dec 8, 2020 | omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth… | |||
| CVE-2020-16250 | — | 0.00 | — | 0.01 | Aug 26, 2020 | HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.. | ||
| CVE-2020-5415 | 0.00 | — | 0.01 | Aug 12, 2020 | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not… | |||
| CVE-2019-16766 | — | 0.00 | — | 0.01 | Nov 29, 2019 | When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version… | ||
| CVE-2018-16483 | — | 0.00 | — | 0.01 | Feb 1, 2019 | A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. | ||
| CVE-2017-18190 | Hig | 0.00 | 7.5 | 0.03 | Feb 16, 2018 | A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often… | ||
| CVE-2017-1000424 | — | Med | 0.00 | 4.3 | 0.01 | Jan 2, 2018 | Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control. | |
| CVE-2015-0219 | 0.00 | — | 0.07 | Jan 16, 2015 | Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header. |
- CVE-2022-39227Sep 23, 2022risk 0.00cvss —epss 0.04
python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its…
- CVE-2022-35957Sep 20, 2022risk 0.00cvss —epss 0.01
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the…
- CVE-2022-2368Jul 11, 2022risk 0.00cvss —epss 0.01
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
- CVE-2022-29165May 20, 2022risk 0.00cvss —epss 0.02
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user…
- CVE-2022-24858Apr 19, 2022risk 0.00cvss —epss 0.01
next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks…
- CVE-2021-43807Dec 14, 2021risk 0.00cvss —epss 0.01
Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP…
- CVE-2020-19003Oct 6, 2021risk 0.00cvss —epss 0.01
An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.
- CVE-2021-20278May 28, 2021risk 0.00cvss —epss 0.01
An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used…
- CVE-2020-27847May 28, 2021risk 0.00cvss —epss 0.02
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system…
- CVE-2021-21310Feb 11, 2021risk 0.00cvss —epss 0.02
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted.…
- CVE-2020-17516Feb 3, 2021risk 0.00cvss —epss 0.02
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the…
- CVE-2020-26276Dec 17, 2020risk 0.00cvss —epss 0.02
Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP. Users…
- CVE-2020-26254Dec 8, 2020risk 0.00cvss —epss 0.01
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth…
- CVE-2020-16250Aug 26, 2020risk 0.00cvss —epss 0.01
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
- CVE-2020-5415Aug 12, 2020risk 0.00cvss —epss 0.01
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not…
- CVE-2019-16766Nov 29, 2019risk 0.00cvss —epss 0.01
When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version…
- CVE-2018-16483Feb 1, 2019risk 0.00cvss —epss 0.01
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
- risk 0.00cvss 7.5epss 0.03
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often…
- risk 0.00cvss 4.3epss 0.01
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.
- CVE-2015-0219Jan 16, 2015risk 0.00cvss —epss 0.07
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.