2 matches found
com.abavilla:fpi-bot-api (>=1.6.0 <=1.6.2), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.6.2) +136 more potentially affected by CVE-2023-1584 via io.quarkus:quarkus-oidc (>=3.0.0.Alpha1 <=3.1.0.CR1)
io.quarkus:quarkus-oidc MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.6 and more Source cves: CVE-2023-1584 Source advisory: OSV:GHSA-6HC9-CF8X-HF83...
CVE-2023-1584
CVE-2023-1584 affects Quarkus OIDC, where the authorizationCode flow can leak both ID and access tokens if HTTP is insecure. This exposes sensitive user data from the IDToken or via the access token to OIDC provider services. Related disclosures cite Red Hat advisory RHSA-2023:7653, GHSA-6HC9-CF8...