Packagist (Composer) package
causal/oidc
pkg:composer/causal/oidc
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24856 | Med | 4.2 | >= 3.0.0, < 4.0.0 | 4.0.0 | Mar 16, 2025 | An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker | |
| CVE-2024-30173 | med | — | < 2.1.0 | 2.1.0 | Apr 2, 2024 | The authentication service of the extension does not verify the OpenID Connect authentication state from the user lookup chain. Instead, the authentication service authenticates every valid frontend user from the user lookup chain, where the frontend user field “tx_oidc” is not |
- affected >= 3.0.0, < 4.0.0fixed 4.0.0
An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker
- affected < 2.1.0fixed 2.1.0
The authentication service of the extension does not verify the OpenID Connect authentication state from the user lookup chain. Instead, the authentication service authenticates every valid frontend user from the user lookup chain, where the frontend user field “tx_oidc” is not