Maven package
org.xwiki.contrib.oidc/oidc-authenticator
pkg:maven/org.xwiki.contrib.oidc/oidc-authenticator
Vulnerabilities (2)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-49594 | Critical | — | | >= 2.17.1, < 2.18.2 | 2.18.2 | Oct 6, 2025 | XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it |
| CVE-2022-39387 | | — | | < 1.29.1 | 1.29.1 | Nov 4, 2022 | XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can th |