Closed alexhiggins732 closed 8 months ago
ID cs/user-controlled-bypass Severity: High
The original IdentityServer4 source code contains controller methods that allow user to control authentication execution flow based on a user-provided value in the Account login controller.
Common Weakness Enumeration: CWE-807. Common Weakness Enumeration: CWE-247. Common Weakness Enumeration: CWE-350.
Tracking issue for:
Addressed in https://github.com/alexhiggins732/IdentityServer8/commit/9b70f5f99d5ebc4b85b75b052fa731a9a3f7c0b9
alexhiggins732
commented
8 months ago
Code QL Code scanning alert
ID cs/user-controlled-bypass Severity: High
Description:
The original IdentityServer4 source code contains controller methods that allow user to control authentication execution flow based on a user-provided value in the Account login controller.
Source:
References:
Common Weakness Enumeration: CWE-807. Common Weakness Enumeration: CWE-247. Common Weakness Enumeration: CWE-350.
Tracking issue for: