Home > Vulnerability Database > CVE-2020-5263

Mend.io Vulnerability Database

CVE-2020-5263

Good to know:

Date: April 10, 2020

auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3

Language: JS

Severity Score

4.9

Related Resources (4)

Url: https://github.com/auth0/auth0.js/security/advisories/GHSA-prfq-f66g-43mp

Url: https://github.com/auth0/auth0.js/commit/355ca749b229fb93142f0b3978399b248d710828

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-5263

Url: https://www.mend.io/vulnerability-database/CVE-2020-5263

Severity Score

4.9

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Top Fix

Upgrade Version

Upgrade to version v9.13.2

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-5263

Good to know:

Date: April 10, 2020

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?