295 matches found
CVE-2025-43916
CVE-2025-43916 affects Sonos api.sonos.com (endpoint /login/v3/oauth). The flaw allows a redirect_uri containing userinfo in the authority component, violating RFC 6819 5.2.3.5 and potentially causing an authorization code to be sent to an attacker-controlled destination. Public-fix details are n...
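Added example (constructed for this page; not Sonos code, and not a description of how api.sonos.com actually validated the parameter, which the entry above does not give): a redirect_uri check based on string-prefix matching beside a component-wise exact match against pre-registered URIs. With userinfo in the authority, `https://app.example.com@evil.example/cb` starts with the trusted origin but resolves to evil.example, which is exactly the case RFC 6819 5.2.3.5's exact-match requirement rules out. The function names, `app.example.com` and `evil.example` are assumptions for the example.

```python
"""redirect_uri validation: prefix matching versus exact match against registered URIs.
Constructed example; app.example.com / evil.example are placeholders, not real clients."""
from urllib.parse import urlsplit

# Constructed registration data for one client (assumed, not from any real AS)
REGISTERED_REDIRECT_URIS = {"https://app.example.com/callback"}
TRUSTED_PREFIX = "https://app.example.com"


def naive_prefix_check(candidate: str) -> bool:
    """Vulnerable: treats anything that starts with the trusted origin as safe.
    'https://app.example.com@evil.example/cb' passes, yet the browser delivers the
    code to evil.example because 'app.example.com' is userinfo, not the host."""
    return candidate.startswith(TRUSTED_PREFIX)


def strict_redirect_uri_check(candidate: str, registered=REGISTERED_REDIRECT_URIS) -> bool:
    """Hardened: parse, reject userinfo and fragments outright, then require a
    component-wise match (scheme, host, port, path, query) with a registered URI."""
    try:
        c = urlsplit(candidate)
        # .port raises ValueError for a non-numeric port, so evaluate it inside the try
        cand = (c.scheme, c.hostname, c.port, c.path, c.query)
    except ValueError:
        return False
    if c.username is not None or c.password is not None or "@" in c.netloc:
        return False  # userinfo present in the authority component
    if c.scheme != "https" or not c.hostname or c.fragment:
        return False  # RFC 6749 3.1.2: absolute https URI, no fragment
    for reg in registered:
        r = urlsplit(reg)
        if cand == (r.scheme, r.hostname, r.port, r.path, r.query):
            return True
    return False  # no prefix or substring matching: exact registered URI or nothing


if __name__ == "__main__":
    for uri in ("https://app.example.com/callback",
                "https://app.example.com@evil.example/cb",
                "https://app.example.com.evil.example/callback",
                "https://app.example.com/callback#token"):
        print(f"{uri:48} naive={naive_prefix_check(uri)!s:5} strict={strict_redirect_uri_check(uri)}")
```

The host comparison uses `urlsplit(...).hostname`, which lower-cases the host, so a case-variant of the registered host still matches; everything else (scheme, port, path, query) must be byte-for-byte identical.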
elytron-oidc-client: OIDC Authorization Code Injection
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.7 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
GHSA-5565-3C98-G6JC WildFly Elytron OpenID Connect Client Extension: OIDC authorization code injection attack
Impact A vulnerability was found in OIDC-Client. When using the elytron-oidc-client subsystem with WildFly, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is...
CVE-2025-24876
CVE-2025-24876 affects the SAP Approuter Node.js package, specifically version v16.7.1 and earlier. The vulnerability is an authentication bypass during the authorization code exchange, where an attacker can inject a malicious payload to steal the victim’s session. The practical impact is high co...
CVE-2025-24876 Authentication bypass via authorization code injection in SAP Approuter
The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to authentication bypass. When exchanging an authorization code, an attacker can steal the victim's session by injecting a malicious payload, causing a high impact on the confidentiality and integrity of the application...
Insufficient Verification Of Data Authenticity
org.wildfly:wildfly-elytron-oidc-client-subsystem is vulnerable to authorization code injection. The vulnerability is due to improper session handling that allows an attacker to inject a stolen authorization code into their own session with a victim's identity, typically through a Man-in-the-Midd...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the OIDC-Client subsystem. An attacker can impersonate a victim by injecting a stolen authorization code into their own session. Note: This is only exploitable if the following happens-...
GHSA-4V5X-9M47-CQR2 Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5565-3c98-g6jc. This link is maintained to preserve external references. Original Description A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the...
CVE-2024-12369
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...
CVE-2024-12369 Elytron-oidc-client: oidc authorization code injection
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...
CVE-2024-12369
CVE-2024-12369 affects the OpenID Connect client integration in WildFly/JBoss EAP via the OIDC Client (ELY-OIDC) subsystem. The flaw allows an attacker to inject a stolen authorization code into their own session, effectively impersonating a victim, typically via MitM or phishing. Affected compon...
PT-2024-17571
Name of the Vulnerable Software and Affected Versions: OIDC-Client versions prior to the fixed version (EAP 7.x, EAP 8.x). Description: A vulnerability was found in OIDC-Client, allowing authorization code injection attacks to occur when using the RH SSO OIDC adapter with EAP 7.x or the...
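Added example (constructed here; not code from WildFly Elytron, Red Hat, SAP or any advisory on this page, and not a statement of how those vendors fixed their products): an in-memory model of the authorization code injection the entries above describe, run once against a relying party that checks only `state` and once against one that also binds the code to the session with a PKCE verifier (RFC 7636) and checks the ID token `nonce`. `ToyAuthServer`, `RelyingParty`, `rp-client` and `rp.example` are assumed names. The point it makes is why `state` alone does not help: the attacker presents the stolen code inside their own session with their own `state`, so the check passes, and only a binding created by the victim's original request (the PKCE verifier the attacker never held, or the nonce in the ID token) ties the code to the session that requested it.

```python
"""Authorization code injection against an OIDC relying party, with and without
session binding. Constructed in-memory model (ToyAuthServer, RelyingParty are
hypothetical names); no network and no real OpenID Provider are involved."""
import base64, hashlib, hmac, secrets


def pkce_challenge(verifier: str) -> str:
    # RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))) without padding
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


class ToyAuthServer:
    """Minimal OP: single-use codes bound to the request that produced them."""
    def __init__(self):
        self._codes = {}

    def authorize(self, client_id, redirect_uri, subject, nonce=None, code_challenge=None):
        code = secrets.token_urlsafe(16)
        self._codes[code] = dict(client_id=client_id, redirect_uri=redirect_uri,
                                 sub=subject, nonce=nonce, code_challenge=code_challenge)
        return code

    def token(self, client_id, redirect_uri, code, code_verifier=None):
        rec = self._codes.pop(code, None)  # a code is redeemable exactly once
        if rec is None or rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant")
        if rec["code_challenge"] is not None:
            # PKCE: whoever redeems the code must hold the verifier of the original request
            if code_verifier is None or not hmac.compare_digest(
                    pkce_challenge(code_verifier), rec["code_challenge"]):
                raise PermissionError("invalid_grant: PKCE verifier mismatch")
        # Toy ID token claims; a real OP returns a signed JWT that the RP must verify
        return {"id_token": {"sub": rec["sub"], "nonce": rec["nonce"], "aud": client_id}}


class RelyingParty:
    """OIDC client with a server-side session store.
    hardened=False models a client that relies on 'state' only (no PKCE, no nonce check)."""
    def __init__(self, client_id, redirect_uri, server, hardened):
        self.client_id, self.redirect_uri = client_id, redirect_uri
        self.server, self.hardened, self.sessions = server, hardened, {}

    def begin_login(self):
        sid = secrets.token_urlsafe(16)
        pending = {"state": secrets.token_urlsafe(16),
                   "nonce": secrets.token_urlsafe(16) if self.hardened else None,
                   "verifier": secrets.token_urlsafe(32) if self.hardened else None}
        self.sessions[sid] = pending
        request = {"client_id": self.client_id, "redirect_uri": self.redirect_uri,
                   "state": pending["state"], "nonce": pending["nonce"],
                   "code_challenge": pkce_challenge(pending["verifier"]) if self.hardened else None}
        return sid, request

    def callback(self, sid, state, code):
        pending = self.sessions.get(sid)
        if not pending or "state" not in pending or not hmac.compare_digest(state, pending["state"]):
            raise PermissionError("state mismatch")  # defeats CSRF, but NOT code injection
        claims = self.server.token(self.client_id, self.redirect_uri, code, pending["verifier"])["id_token"]
        if claims["aud"] != self.client_id:
            raise PermissionError("audience mismatch")
        if pending["nonce"] is not None and not hmac.compare_digest(claims["nonce"] or "", pending["nonce"]):
            raise PermissionError("nonce mismatch")  # ID token was issued for another session
        self.sessions[sid] = {"user": claims["sub"]}
        return claims["sub"]


def _setup(hardened):
    server = ToyAuthServer()
    return server, RelyingParty("rp-client", "https://rp.example/callback", server, hardened)


def legitimate_login(hardened: bool) -> str:
    """Victim completes their own login; should succeed in both modes."""
    server, rp = _setup(hardened)
    sid, req = rp.begin_login()
    code = server.authorize(req["client_id"], req["redirect_uri"], "victim", req["nonce"], req["code_challenge"])
    return rp.callback(sid, req["state"], code)


def simulate_injection(hardened: bool) -> str:
    server, rp = _setup(hardened)
    # 1. The victim authenticates; the OP issues a code bound to the victim's request.
    _victim_sid, v_req = rp.begin_login()
    stolen_code = server.authorize(v_req["client_id"], v_req["redirect_uri"], "victim",
                                   v_req["nonce"], v_req["code_challenge"])
    # 2. The attacker captured that code (phishing/MitM), starts their OWN login so the
    #    state check passes, and delivers the stolen code to their own callback.
    a_sid, a_req = rp.begin_login()
    try:
        user = rp.callback(a_sid, a_req["state"], stolen_code)
        return f"injection succeeded: attacker session logged in as {user}"
    except PermissionError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for hardened in (False, True):
        print(f"hardened={hardened}: legit={legitimate_login(hardened)}; injection -> {simulate_injection(hardened)}")
```

In the hardened run the PKCE check at the token endpoint fires first; if PKCE were absent but the nonce check kept, the relying party would still reject the injected code at the nonce comparison, since the ID token carries the victim's nonce, not the attacker session's.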