CVE-2024-12369

{"id": "CVE-2024-12369", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.6}]}, "published": "2024-12-09T21:15:08.203", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:3989", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:3990", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:3992", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-12369", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331178", "source": "[email protected]"}, {"url": "https://github.com/wildfly-security/wildfly-elytron/commit/5ac5e6bbcba58883b3cebb2ddbcec4de140c5ceb", "source": "[email protected]"}, {"url": "https://github.com/wildfly-security/wildfly-elytron/commit/d7754f5a6a91ceb0f4dbbbfe301991f6a55404cb", "source": "[email protected]"}, {"url": "https://github.com/wildfly-security/wildfly-elytron/pull/2253", "source": "[email protected]"}, {"url": "https://github.com/wildfly-security/wildfly-elytron/pull/2261", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en OIDC-Client. Al utilizar el adaptador RH SSO OIDC con EAP 7.x o al utilizar el subsistema elytron-oidc-client con EAP 8.x, pueden producirse ataques de inyecci\u00f3n de c\u00f3digo de autorizaci\u00f3n, lo que permite a un atacante inyectar un c\u00f3digo de autorizaci\u00f3n robado en la propia sesi\u00f3n del atacante con el cliente con la identidad de la v\u00edctima. Esto suele hacerse con un ataque de tipo Man-in-the-Middle (MitM) o de phishing."}], "lastModified": "2026-01-26T22:15:52.563", "sourceIdentifier": "[email protected]"}