org.wildfly.security:wildfly-elytron-http-oidc

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.wildfly.security:wildfly-elytron-http-oidcpage 1 of 1

CVE-2023-6236HIGHCVSS 7.3EG 7.3✓ Fixed in 2.2.5.Final
2024-04-10
vulnerable: 1.15.10.Final ... 2.2.4.Final (43 versions)
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a differen…
CVE-2024-12369MEDIUMCVSS 4.2EG 4.2✓ Fixed in 2.6.2.Final
2024-12-09
vulnerable: 2.3.0.Final ... 2.6.1.Final (12 versions)
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen…

Check whether org.wildfly.security:wildfly-elytron-http-oidc is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.wildfly.security:wildfly-elytron-http-oidc CVEs against the assets you own.

Start Free Scan →