VDB
CVE-2023-1584
CVE-2023-1584
PUBLISHED
CVSS 7.5 HIGH
Quarkus OIDC can leak both ID and access tokens
EPSS 0.29% · 52.8th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.29%
52.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | RHINT Service Registry 2.5.4 GA | |
| Maven | io.quarkus:quarkus-oidc | 0, 3.0.0 |
| 3.1.0.CR1 | ||
| quarkus | quarkus | 0 |
| Red Hat | Red Hat build of Quarkus 2.13.8.Final | 2.13.8.Final-redhat-00004 |
Exploit Intelligence
- RHSA-2023:3809 (circl)
- RHSA-2023:7653 (circl)
- https://access.redhat.com/security/cve/CVE-2023-1584 (circl)
- RHBZ#2180886 (circl)
- https://github.com/quarkusio/quarkus/pull/32192 (circl)
- https://github.com/quarkusio/quarkus/pull/33414 (circl)
Timeline
- Oct 4, 2023 CVE Published
- Oct 5, 2023 EPSS Score
- Nov 6, 2023 EPSS Score
- Dec 7, 2023 EPSS Score
- Jan 8, 2024 EPSS Score
- Feb 9, 2024 EPSS Score
- Mar 11, 2024 EPSS Score
- Apr 12, 2024 EPSS Score
- May 14, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 16, 2024 EPSS Score
- Aug 17, 2024 EPSS Score
References
- RHSA-2023:3809 vendor-advisory
- RHSA-2023:7653 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-1584 vdb
- RHBZ#2180886 issue
- https://github.com/quarkusio/quarkus/pull/32192 url
- https://github.com/quarkusio/quarkus/pull/33414 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-1584 advisory
- https://github.com/quarkusio/quarkus/pull/32192/commits/5369d7ff233d3afe84ecd9160c541fba52b38e69 url
- https://github.com/quarkusio/quarkus/pull/33414/commits/df305ff12386cf28b33567b8d9a18db164f019dd url
- https://github.com/quarkusio/quarkus/commit/5369d7ff233d3afe84ecd9160c541fba52b38e69 url
- https://github.com/quarkusio/quarkus/commit/df305ff12386cf28b33567b8d9a18db164f019dd url
- https://github.com/quarkusio/quarkus package