CVE-2024-12056

Published 04/12/2024 15:15 · Modified 04/12/2024 15:15

Labels: CVE-2024-12056, 2024-12-04, 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932, CWE-358

Essential information

Published: 04/12/2024 15:15
Modified: 04/12/2024 15:15
Author:
Creator:
CISA KEV: No
CWE:

Description

The client secret is not checked when the OAuth Password grant type is used. By exploiting this vulnerability, an attacker could connect to a web server using a client application that is not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.

NVD status

Status: Awaiting Analysis (the CVE has been recently published to the CVE List and has been received by the NVD)
Source: 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932
