2 matches found
CVE-2025-49594 XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right
XWiki OIDC has various tools to manipulate the OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows...
PT-2025-40900
Name of the Vulnerable Software and Affected Versions: XWiki versions 2.17.1 through 2.18.1
Description: XWiki OpenID Connect (OIDC) contains tools for manipulating the OpenID Connect protocol. Individuals with VIEW access to a user profile can generate a token for that user in versions prior to...