CVE-2017-17068

Published: Dec 6, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().

Affected (1)

Products: Auth0: Auth0.js

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Auth0 Auth0.js	Before 8.12

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068/

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://auth0.com/docs/security/bulletins/cve-2017-17068

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://auth0.com/docs/security/bulletins/cve-2017-17068

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.