CVE-2025-34062 | One Identity OneLogin Active Directory Connector up to 6.1.4 JWT Signing Key configuration endpoint information disclosure

Inserito da Angelo Barbosa | Lug 1, 2025 | CVE

A vulnerability classified as problematic was found in One Identity OneLogin Active Directory Connector up to 6.1.4. This vulnerability affects unknown code of the file /api/adc/v4/configuration endpoint of the component JWT Signing Key Handler. The manipulation leads to information disclosure.

This vulnerability was named CVE-2025-34062. Local access is required to approach this attack. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-34062 | One Identity OneLogin Active Directory Connector up to 6.1.4 JWT Signing Key configuration endpoint information disclosure

Post correlati

CVE-2023-32331 | IBM Sterling Connect Express 1.5.0 on UNIX memory corruption (XFDB-254979)

CVE-2024-38701 | Academy LMS Plugin up to 2.0.4 on WordPress authorization

CVE-2024-3762 | Emlog Pro 2.2.10 Whisper Page /admin/twitter.php cross site scripting

CVE-2023-50827 | Accredible Certificates & Open Badges Plugin up to 1.4.8 on WordPress cross site scripting