CVE-2017-17068: Information Exposure

December 6, 2017 (updated December 20, 2017)

A cross-origin vulnerability has been discovered in auth0. This vulnerability allows an attacker to acquire authenticated user tokens and invoke services on a user’s behalf if the target site or application uses a popup callback page with auth0.popup.callback().

References

appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068/
auth0.com/docs/security/bulletins/cve-2017-17068
nvd.nist.gov/vuln/detail/CVE-2017-17068

Code Behaviors & Features

Detect and mitigate CVE-2017-17068 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →