Lucene search
K

5 matches found

Veracode
Veracode
added 2023/10/06 7:41 a.m.18 views

Insecure Session Cookie Handling

quarkus-oidc is vulnerable to Insecure OIDC Session Cookie Handling. The vulnerability exists because the library does not properly encrypt the OIDC session cookie value by default which leads to the leakage of both ID and access tokens in the authorization code flow when an insecure HTTP protoco...

7.5CVSS6.9AI score0.00963EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2023/10/04 12:30 p.m.28 views

GHSA-6HC9-CF8X-HF83 Quarkus OIDC can leak both ID and access tokens

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

7.5CVSS7.5AI score0.00963EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2023/10/04 12:30 p.m.24 views

Quarkus OIDC can leak both ID and access tokens

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

7.5CVSS6.8AI score0.00963EPSS
Exploits0References12Affected Software1
NVD
NVD
added 2023/10/04 11:15 a.m.30 views

CVE-2023-1584

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

7.5CVSS7.4AI score0.00963EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2023/03/24 1:7 p.m.50 views

CVE-2023-1584

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

7.5CVSS6.6AI score0.00963EPSS
Exploits0References5
Rows per page
Query Builder