
Auth0 Security Bulletins

List of bulletins addressing security vulnerabilities in Auth0 software.

This page contains a list of all the published security vulnerabilities of Auth0 software.

Each bulletin contains a description of the vulnerability, how to identify if you are affected, and what to do to fix it.


Bulletins

| Date | Bulletin number | Title | Affected software |
| --- | --- | --- | --- |
| September 05, 2019 | Auth0 bulletin | Auth0 Security Bulletin for assigning scopes based on email address | Custom code within Auth0 rules |
| July 23, 2019 | CVE 2019-13483 | Security Bulletin for Passport-SharePoint < 0.4.0 | Passport-SharePoint |
| February 15, 2019 | CVE 2019-7644 | Security Bulletin for Auth0-WCF-Service-JWT < 1.0.4 | Auth0-WCF-Service-JWT |
| January 10, 2019 | Auth0 bulletin | Auth0 Security Bulletin for Vulnerable Patterns in Custom Rule Code | Custom code within Auth0 Rules |
| August 6, 2018 | CVE 2018-15121 | Security vulnerability in deprecated Auth0 middleware for ASP.NET | auth0-aspnet, auth0-aspnet-owin |
| June 5, 2018 | CVE 2018-11537 | Security update for angular-jwt whitelist bypass | angular-jwt |
| April 4, 2018 | CVE 2018-6874 | Security vulnerability for Auth0 authentication service | Auth0 Authentication Service |
| April 4, 2018 | CVE 2018-6873 | Security vulnerability for Auth0 authentication service | Auth0 Authentication Service |
| February 26, 2018 | CVE 2018-7307 | Security vulnerability for auth0.js < 9.3 | Auth0.js |
| December 22, 2017 | CVE 2017-16897 | Security update for passport-wsfed-saml2 Passport strategy library | passport-wsfed-saml2 Passport strategy library |
| December 4, 2017 | CVE 2017-17068 | Security update for auth0.js popup callback vulnerability | Auth0.js |