GHSA-vwm8-rprj-29f7HighCVSS 8.1
Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that...
🔗 CVE IDs covered (1)
📋 Description
Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the attacker.
🔗 References (6)
- https://nvd.nist.gov/vuln/detail/CVE-2026-59713
- https://github.com/Leantime/leantime/issues/3535
- https://github.com/Leantime/leantime/commit/9630eb7db682fb1b4e23cdabf3428d03ec6f5094
- https://github.com/Leantime/leantime
- https://www.vulncheck.com/advisories/leantime-oidc-login-csrf-via-unconditional-state-verification-stub
- https://github.com/advisories/GHSA-vwm8-rprj-29f7