CVE-2024-12056

Dec. 4, 2024, 3:15 p.m.

None
No Score

Description

The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.

Product(s) Impacted

Product Versions
OAuth
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-358
Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References

https://www.pcvue.com/security/security/#SB2024-4

Tags

CWE-358
2024-12-04
CVE-2024-12056
87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932

Timeline

Published: Dec. 4, 2024, 3:15 p.m.
Last Modified: Dec. 4, 2024, 3:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.