VYPR
Medium severity (4.2) · OSV Advisory · Published Dec 9, 2024 · Updated Apr 15, 2026

CVE-2024-12369

Description

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x, or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur: an attacker can inject a stolen authorization code into the attacker's own session with the client, so that the session is established under the victim's identity. The code is usually stolen through a Man-in-the-Middle (MitM) or phishing attack.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.wildfly.security:wildfly-elytron | Maven | >= 1.17.0.Final, < 2.2.9.Final | 2.2.9.Final |
| org.wildfly.security:wildfly-elytron | Maven | >= 2.3.0.Final, < 2.6.2.Final | 2.6.2.Final |
| org.wildfly.security:wildfly-elytron-http-oidc | Maven | >= 1.17.0.Final, < 2.2.9.Final | 2.2.9.Final |
| org.wildfly.security:wildfly-elytron-http-oidc | Maven | >= 2.3.0.Final, < 2.6.2.Final | 2.6.2.Final |
