Maven package
org.wildfly.security/wildfly-elytron-http-oidc
pkg:maven/org.wildfly.security/wildfly-elytron-http-oidc
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-12369 | Medium | 4.2 | | >= 1.17.0.Final, < 2.2.9.Final | 2.2.9.Final | Dec 9, 2024 | A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's o |
| CVE-2023-6236 | High | 7.3 | | < 2.2.5.Final | 2.2.5.Final | Apr 10, 2024 | A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issu |