team-alembic CVE 脆弱性と CVE 一覧(2)

製品(CPE): — CVE 件数: 2

team-alembic 脆弱性概要

This page aggregates publicly disclosed CVE and security risk information related to team-alembic, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

脆弱性分布の推移(直近24か月)

表示中 12 / 2 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-49757 Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address (an upsert on the email field, or a user-defined sign-in filter) rather than by the OpenID Connect iss/sub claim combination. Per OpenID Connect Core §5.7, only iss/sub uniquely and stably identifies an end-user; other claims, including email, MUST NOT be use 6b3ad84c-e1a6-4bf7-a703-f496b71e49db 9.2 0.56% 2026-06-15 2026-06-17
CVE-2025-4754 Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0. 6b3ad84c-e1a6-4bf7-a703-f496b71e49db 2.3 0.40% 2025-06-17 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence