CVE-2024-21632

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 2, 2024
Updated: Jan 9, 2024
CWE ID 287

Summary

CVE-2024-21632 affects the omniauth-microsoft_graph library before version 2.0.0. This vulnerability allows for nOAuth misconfiguration due to a lack of email attribute validation, making it susceptible to account takeover attacks. The implementation did not give an option to validate email addresses, leading to potential trust misplacement. Version 2.0.0 includes a fix for this issue, addressing the email attribute vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share