{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T05:17:26.610","vulnerabilities":[{"cve":{"id":"CVE-2024-12369","sourceIdentifier":"secalert@redhat.com","published":"2024-12-09T21:15:08.203","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack."},{"lang":"es","value":"Se encontró una vulnerabilidad en OIDC-Client. Al utilizar el adaptador RH SSO OIDC con EAP 7.x o al utilizar el subsistema elytron-oidc-client con EAP 8.x, pueden producirse ataques de inyección de código de autorización, lo que permite a un atacante inyectar un código de autorización robado en la propia sesión del atacante con el cliente con la identidad de la víctima. Esto suele hacerse con un ataque de tipo Man-in-the-Middle (MitM) o de phishing."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:3989","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:3990","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:3992","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-12369","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331178","source":"secalert@redhat.com"},{"url":"https://github.com/wildfly-security/wildfly-elytron/commit/5ac5e6bbcba58883b3cebb2ddbcec4de140c5ceb","source":"secalert@redhat.com"},{"url":"https://github.com/wildfly-security/wildfly-elytron/commit/d7754f5a6a91ceb0f4dbbbfe301991f6a55404cb","source":"secalert@redhat.com"},{"url":"https://github.com/wildfly-security/wildfly-elytron/pull/2253","source":"secalert@redhat.com"},{"url":"https://github.com/wildfly-security/wildfly-elytron/pull/2261","source":"secalert@redhat.com"}]}}]}