CVE-2023-50708 | yii2-authclient up to 2.2.14 OAuth1/OAuth2/OpenID timing discrepancy

Posted by Angelo Barbosa | Dec 18, 2023 | CVE

A vulnerability was found in yii2-authclient up to 2.2.14. It has been declared as problematic. This vulnerability affects unknown code of the component OAuth1/OAuth2/OpenID. The manipulation leads to observable timing discrepancy.

This vulnerability was named CVE-2023-50708. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50708 | yii2-authclient up to 2.2.14 OAuth1/OAuth2/OpenID timing discrepancy

Related Posts

CVE-2024-25551 | sourcecodester Simple Student Attendance System 1.0 page cross site scripting

CVE-2023-6585 | WP JobSearch Plugin up to 2.3.3 on WordPress unrestricted upload

CVE-2024-47964 | Delta Electronics CNCSoft-G2 2.1.0.10 heap-based overflow (icsa-24-284-21)

CVE-2024-5787 | PowerPack Addons for Elementor Plugin up to 2.7.20 on WordPress Link Effects Widget cross site scripting