- Description
- A vulnerability was found in OIDC-Client. When the RH SSO OIDC adapter is used with EAP 7.x, or the elytron-oidc-client subsystem is used with EAP 8.x, an authorization code injection attack is possible: an attacker who has obtained a victim's authorization code (typically through a man-in-the-middle or phishing attack) can inject it into the attacker's own session with the client and be logged in with the victim's identity.
- Source
- secalert@redhat.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 4.2
- Impact score
- 2.5
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- secalert@redhat.com
- CWE-345 (Insufficient Verification of Data Authenticity)
- Hype score
- Not currently trending
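The description above says the stolen code is injected into the attacker's own session with the client. The following Python example is added here and is not code from the affected adapters or from Red Hat; it models a minimal authorization server and relying party to show why a `state` check alone does not stop this (the attacker replays the code inside a login they started themselves, so their own `state` matches) and how PKCE (RFC 7636, `S256`) binds the code to the session that requested it. The `AuthorizationServer`, `RelyingParty`, `ClientSession` names and the subject `victim@example.com` are constructed for the example.

```python
import base64
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Constructed stand-in for the OpenID provider: issues codes, redeems each once."""

    def __init__(self) -> None:
        # code -> (subject the code was issued for, code_challenge or None)
        self._codes: Dict[str, Tuple[str, Optional[str]]] = {}

    def authorize(self, subject: str, code_challenge: Optional[str]) -> str:
        code = secrets.token_urlsafe(16)
        self._codes[code] = (subject, code_challenge)
        return code

    def token(self, code: str, code_verifier: Optional[str]) -> Optional[dict]:
        entry = self._codes.pop(code, None)  # single use
        if entry is None:
            return None
        subject, challenge = entry
        if challenge is not None:
            # Caller must prove it is the party that started this particular login.
            if code_verifier is None or not secrets.compare_digest(
                s256_challenge(code_verifier), challenge
            ):
                return None
        return {"sub": subject}


@dataclass
class ClientSession:
    """Per-browser state the relying party keeps between redirect and callback."""
    state: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    code_verifier: Optional[str] = None
    identity: Optional[str] = None


class RelyingParty:
    """Constructed OIDC client; use_pkce=False mirrors a client that only checks state."""

    def __init__(self, use_pkce: bool) -> None:
        self.use_pkce = use_pkce

    def begin_login(self, session: ClientSession) -> dict:
        params = {"response_type": "code", "state": session.state}
        if self.use_pkce:
            session.code_verifier = b64url(secrets.token_bytes(32))
            params["code_challenge"] = s256_challenge(session.code_verifier)
            params["code_challenge_method"] = "S256"
        return params

    def finish_login(self, session: ClientSession, server: AuthorizationServer,
                     code: str, state: str) -> bool:
        # state only proves the callback belongs to *this* session; an attacker
        # injecting a stolen code uses their own session's state, so it passes.
        if not secrets.compare_digest(state, session.state):
            return False
        claims = server.token(code, session.code_verifier)
        if claims is None:
            return False
        session.identity = claims["sub"]
        return True


def run_code_injection(use_pkce: bool) -> Tuple[bool, Optional[str]]:
    """Victim's code is stolen and injected into the attacker's own callback."""
    server = AuthorizationServer()
    rp = RelyingParty(use_pkce)

    victim = ClientSession()
    victim_params = rp.begin_login(victim)
    # The provider issues a code for the victim; the attacker captures it (MitM/phishing).
    stolen_code = server.authorize("victim@example.com", victim_params.get("code_challenge"))

    attacker = ClientSession()
    rp.begin_login(attacker)  # attacker starts a login to obtain a valid state of their own
    logged_in = rp.finish_login(attacker, server, stolen_code, attacker.state)
    return logged_in, attacker.identity


if __name__ == "__main__":
    print("without PKCE:", run_code_injection(use_pkce=False))  # (True, 'victim@example.com')
    print("with PKCE:   ", run_code_injection(use_pkce=True))   # (False, None)
```

Without PKCE the attacker's session ends up holding the victim's identity; with PKCE the token endpoint rejects the exchange because the attacker's `code_verifier` does not hash to the challenge the victim's login registered. Checking the ID token's `nonce` against the session is the complementary client-side control: it catches a code issued for a different login attempt, but only after the token exchange has already happened.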
CVE-2024-12369 A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization … https://t.co/iDrg1FLva3
@CVEnew, 10 Dec 2024
CVE-2024-12369 Authorization Code Injection Vulnerability in OIDC-Client on EAP 7.x/8.x https://t.co/VlL2rvqw2f
@VulmonFeeds, 10 Dec 2024