admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-123xx/CVE-2024-12369.json
cad-safe-bot 90307445be Auto-Update: 2024-12-22T03:00:24.601826+00:00
2024-12-22 03:03:49 +00:00

64 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-12369",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-12-09T21:15:08.203",
"lastModified": "2024-12-09T21:15:08.203",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en OIDC-Client. Al utilizar el adaptador RH SSO OIDC con EAP 7.x o al utilizar el subsistema elytron-oidc-client con EAP 8.x, pueden producirse ataques de inyecci\u00f3n de c\u00f3digo de autorizaci\u00f3n, lo que permite a un atacante inyectar un c\u00f3digo de autorizaci\u00f3n robado en la propia sesi\u00f3n del atacante con el cliente con la identidad de la v\u00edctima. Esto suele hacerse con un ataque de tipo Man-in-the-Middle (MitM) o de phishing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-12369",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331178",
"source": "secalert@redhat.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink