cvebase

One Identity Onelogin Active Directory Connector vulnerabilities

3 known vulnerabilities affecting one_identity/onelogin_active_directory_connector.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 1

Vulnerabilities

CVE-2025-34063 | P2 | CRITICAL | CVSS 10.0 | fixed in 6.1.5 | 2025-07-01
CWE-290. A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authent
Source: nvd

CVE-2025-34064 | P3 | CRITICAL | CVSS 9.0 | fixed in 6.1.5 | 2025-07-01
CWE-200. A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directo
Source: nvd

CVE-2025-34062 | P4 | MEDIUM | CVSS 5.7 | fixed in 6.1.5 | 2025-07-01
CWE-200. An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include
Source: nvd