What the vulnerability does
01Description
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
What the vulnerability does
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),
Key dates
External resources