{"vulnerability": "cve-2021-26715", "sightings": [{"uuid": "2ed1ab6f-40e0-4a3f-94f1-964b02d2ddc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-26715", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/15", "content": "Three brand new OAuth2 and OpenID Connect vulnerabilities discovered by @artsploit with demos on MITREid Connect and ForgeRock OpenAM implementations.\n\nContents:\n\u2022 Dynamic Client Registration - SSRF by design (CVE-2021-26715)\n\u2022 \"redirect_uri\" Session Poisoning (CVE-2021-27582)\n\u2022 \"/.well-known/webfinger\" makes all user names well-known\n\nhttps://portswigger.net/research/hidden-oauth-attack-vectors", "creation_timestamp": "2021-03-25T07:21:24.000000Z"}]}