4.2
CVE-2024-12369
- EPSS 0.14%
- Published 09.12.2024 21:15:08
- Last modified 02.10.2025 12:15:28
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/wildfly/wildfly
≫
Package
wildfly
Default Statusunknown
Version <=
34.0.1.Final
Version
0
Status
affected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:2.16.1-1.redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:1.80.0-1.redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:800.7.0-2.GA_redhat_00002.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:6.2.35-1.Final_redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:3.0.13-1.Final_redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:3.0.1-1.redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:4.0.11-1.redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:1.0.4-3.redhat_00004.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:3.1.10-1.redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:5.1.5-1.Final_redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:8.0.7-3.GA_redhat_00004.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version <
*
Version
0:2.2.9-1.Final_redhat_00001.1.el8eap
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Build of Keycloak
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat JBoss Enterprise Application Platform 7
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.348 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 4.2 | 1.6 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.