VYPR

Maven package

org.xwiki.contrib.oidc/oidc-authenticator

pkg:maven/org.xwiki.contrib.oidc/oidc-authenticator

Vulnerabilities (2)

  • CVE-2025-49594 Cri Oct 6, 2025
    affected >= 2.17.1, < 2.18.2; fixed 2.18.2

    XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it

  • CVE-2022-39387 Nov 4, 2022
    affected < 1.29.1; fixed 1.29.1

    XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can th