io.hawt:hawtio-wildfly (=2.17.7), io.kokuwa.keycloak:keycloak-event-metrics (>=0.1.0 <=1.0.0) +133 more potentially affected by CVE-2024-12369 via org.wildfly.security:wildfly-elytron-http-oidc (>=1.17.0.Final <=2.2.8.Final)

org.wildfly.security:wildfly-elytron-http-oidc MAVEN version =1.17.0.Final, =0.1.0, =9.4.45.v20220203, =9.4.45.v20220203, =9.4.45.v20220203, =10.0.8, =12.0.1, =12.0.1, =12.0.1, =10.0.10, =13.0.0.CR1, =3.1.0.Final, =3.1.1.Alpha1 - org.jboss.resteasy.spring:galleon-feature-pack-layers-metadata-test...

org.eclipse.jetty.documentation:code-examples (>=10.0.22 <=11.0.25), org.eclipse.jetty:infinispan-common (>=10.0.21 <=11.0.25) +17 more potentially affected by CVE-2024-12369 via org.wildfly.security:wildfly-elytron-http-oidc (>=2.3.0.Final <=2.6.1.Final)

org.wildfly.security:wildfly-elytron-http-oidc MAVEN version =2.3.0.Final, =10.0.22, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =26.0.0, =26.0.0, =26.0.0, =2.3.0.Final, =2.1.0.Final, =2.1.4.Final and more Source cves: CVE-2024-12369 Source advisory: OSV:GHSA-5565-3C98-G6JC...

Insufficient Verification Of Data Authenticity

org.wildfly.security:wildfly-elytron-http-oidc is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the session token caching logic when an OIDC app serving multiple tenants accesses a new tenant with a different OIDC configuration. This flaw occurs in...