CVE-2017-7662
Apache CXF Fediz’s OpenID Connect Client Registration Service is vulnerable to CSRF in versions prior to 1.4.0 and 1.3.2. A malicious web app could create new clients or reset secrets after an admin logs in and the session remains active. The connected sources corroborate the same description acr...