org.xwiki.contrib.oidc:oidc-authenticator

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.xwiki.contrib.oidc:oidc-authenticatorpage 1 of 1

CVE-2022-39387CRITICALCVSS 9.1EG 9.1✓ Fixed in 1.29.1
2022-11-04
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its detai…
CVE-2025-49594CRITICALCVSS 9.2EG 0.0✓ Fixed in 2.18.2
2025-10-06
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is conf…

Check whether org.xwiki.contrib.oidc:oidc-authenticator is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.xwiki.contrib.oidc:oidc-authenticator CVEs against the assets you own.

Start Free Scan →