8 matches found
GHSA-JPMX-996V-48FM WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if...
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if...
CVE-2023-6236
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
CVE-2023-6236 Eap: oidc app attempting to access the second tenant, the user should be prompted to log
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
CVE-2023-6236 Eap: oidc app attempting to access the second tenant, the user should be prompted to log
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
CVE-2023-6236
CVE-2023-6236 affects Red Hat JBoss Enterprise Application Platform 8 (OIDC multi-tenant scenario). The root cause is in OidcSessionTokenStore: when deciding whether to reuse a cached token, it must also consider the new provider-url option in addition to realm; without this, an app serving multi...
CVE-2023-6236
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
Red Hat JBoss Enterprise Application Platform data forgery vulnerability
Red Hat JBoss Enterprise Application Platform EAP is an open source, J2EE-based middleware platform from Red Hat, Inc. The platform is primarily used to build, deploy and host Java applications and services. A data forgery vulnerability exists in Red Hat JBoss Enterprise Application Platform EAP,...