CVE-2024-12369

EPSS 0.14%
Veröffentlicht 09.12.2024 21:15:08
Zuletzt bearbeitet 02.10.2025 12:15:28
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/wildfly/wildfly

≫

Paket wildfly

Default Statusunknown

Version <= 34.0.1.Final

Version 0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.16.1-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.80.0-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:800.7.0-2.GA_redhat_00002.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:6.2.35-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.0.13-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.0.1-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.0.11-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.0.4-3.redhat_00004.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.1.10-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:5.1.5-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:8.0.7-3.GA_redhat_00004.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.2.9-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Build of Keycloak

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.348

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://access.redhat.com/security/cve/CVE-2024-12369

https://bugzilla.redhat.com/show_bug.cgi?id=2331178

https://access.redhat.com/errata/RHSA-2025:3989

https://github.com/wildfly-security/wildfly-elytron/commit/5ac5e6bbcba58883b3cebb2ddbcec4de140c5ceb

https://github.com/wildfly-security/wildfly-elytron/commit/d7754f5a6a91ceb0f4dbbbfe301991f6a55404cb

https://github.com/wildfly-security/wildfly-elytron/pull/2253

https://github.com/wildfly-security/wildfly-elytron/pull/2261

https://nvd.nist.gov/vuln/detail/CVE-2024-12369

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12369

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12369

EUVD