Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
%20(CWE-352)&color=brightgreen)
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
No PoCs from references.
- https://github.com/18F/omniauth_login_dot_gov
- https://github.com/18f-copy/omniauth_login_dot_gov
- https://github.com/18farchive/omniauth_login_dot_gov
- https://github.com/ARPSyndicate/cvemon
- https://github.com/YuriAkita/omniauth_clone
- https://github.com/appatalks/ghes-cve-check
- https://github.com/cookpad/omniauth-rails_csrf_protection
- https://github.com/deepin-community/ruby-omniauth
- https://github.com/evilmartians/omniauth-ebay-oauth
- https://github.com/hakanensari/amazon-omniauth-sandbox
- https://github.com/jcpny1/recipe-cat
- https://github.com/jonathanbruno/omniauth-ebay-oauth
- https://github.com/liukun-lk/omniauth-dingtalk
- https://github.com/miyu51/noshiru
- https://github.com/omniauth/omniauth
- https://github.com/phiele/omniauth-figma-oauth2
- https://github.com/pixielabs/balrog
- https://github.com/rainchen/code_quality
- https://github.com/rubyonjets/omniauth-jets_csrf_protection
- https://github.com/shotgunsoftware/omniauth-forge
- https://github.com/umd-lib/archelon
- https://github.com/ytojima/devise_omniauth-google-oauth2_sample