{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T20:30:17.386","vulnerabilities":[{"cve":{"id":"CVE-2024-10318","sourceIdentifier":"f5sirt@f5.com","published":"2024-11-06T17:15:13.680","lastModified":"2026-06-17T06:55:24.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session."},{"lang":"es","value":"Se descubrió un problema de fijación de sesión en la implementación de referencia de NGINX OpenID Connect, donde no se verificaba un nonce en el momento de iniciar sesión. Esta falla permite que un atacante fije la sesión de una víctima a una cuenta controlada por el atacante. Como resultado, aunque el atacante no puede iniciar sesión como la víctima, puede forzar la sesión para asociarla con la cuenta controlada por el atacante, lo que lleva a un posible uso indebido de la sesión de la víctima."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"NGINX OpenID Connect","defaultStatus":"unknown","repo":"https://github.com/nginxinc/nginx-openid-connect/","versions":[{"version":"fa1ad160e2637d1d583611124478039170d726ab","lessThan":"133504f4fd9f72f3e36668f9f2f3d32a86fcb269","versionType":"git","status":"affected"}]},{"vendor":"F5","product":"NGINX Instance Manager","defaultStatus":"unaffected","versions":[{"version":"2.5.0","lessThan":"2.17.4","versionType":"semver","status":"affected"}]},{"vendor":"F5","product":"NGINX API Connectivity Manager","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"1.9.3","versionType":"semver","status":"affected"}]},{"vendor":"F5","product":"NGINX Ingress Controller","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"3.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-06T16:57:19.535215Z","id":"CVE-2024-10318","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_api_connectivity_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.9.3","matchCriteriaId":"E624284B-CE82-453E-826A-9EE55A23EABB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.5","matchCriteriaId":"DA2D8A1D-8D1C-40AD-BF77-72CC7154DB42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.1","versionEndIncluding":"2.4.2","matchCriteriaId":"952208F5-8190-43A7-9C76-BE013518C475"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.7.1","matchCriteriaId":"46CB1DD5-4B6F-41A4-8A34-9C6C595081A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.17.4","matchCriteriaId":"1198CC09-9CEE-4695-BB75-8BA04735E653"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_openid_connect:*:*:*:*:*:nginx_plus:*:*","versionEndExcluding":"2024-10-24","matchCriteriaId":"55029B4C-3E0B-4159-8422-CE0AB7C1138C"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000148232","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}}]}