How severe is CVE-2020-15233?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2020-15233?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-15233 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1.

Related Vulnerabilities

CVE-2010-3359

MEDIUM

CVSS:4.8(Medium)

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a direc...

CWE-202010

CVE-2011-4968

MEDIUM

CVSS:4.8(Medium)

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

CWE-202011

CVE-2019-12626

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS)...

CWE-202019

CVE-2019-1875

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the ...

CWE-202019

CVE-2020-15201

MEDIUM

CVSS:4.8(Medium)

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the v...

CWE-202020

CVE-2020-15234

MEDIUM

CVSS:4.8(Medium)

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Au...

CWE-202020