CVE-2023-50708 | yii2-authclient up to 2.2.14 OAuth1/OAuth2/OpenID timing discrepancy

Posted by Angelo Barbosa | Dec 18, 2023 | CVE

A vulnerability was found in yii2-authclient up to 2.2.14. It has been declared as problematic. This vulnerability affects unknown code of the component OAuth1/OAuth2/OpenID. The manipulation leads to observable timing discrepancy.

This vulnerability was named CVE-2023-50708. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50708 | yii2-authclient up to 2.2.14 OAuth1/OAuth2/OpenID timing discrepancy

Related Posts

CVE-2023-32242 | xtemos WoodMart Theme up to 1.0.36 on WordPress deserialization

CVE-2024-3615 | Media Library Folders Plugin up to 8.2.0 on WordPress cross site scripting

CVE-2024-6336 | GitHub Enterprise Server up to 3.9.16/3.10.13/3.11.11/3.12.5/3.13.0 Organization Member information disclosure

CVE-2024-5035 | TP-Link Archer C4500X up to 1_1.1.6 rftest command injection