1. Home
  2. CVE Database
  3. CVE-2024-12056
NONE · 0

CVE-2024-12056

The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly author...

Vulnerability Description

The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.

Related Weaknesses (CWE)

CWE-358

References

FAQ

What is CVE-2024-12056?

CVE-2024-12056 is a documented vulnerability. The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly author...

How severe is CVE-2024-12056?

CVSS scoring is not yet available for CVE-2024-12056. Check NVD for updates.

Is there a patch for CVE-2024-12056?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.