GHSA-4v5x-9m47-cqr2
REJECTED
CVSS 4.2 MEDIUM
Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Risk Scores
CVSS 3.1
4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.wildfly:wildfly-elytron-oidc-client-subsystem | 0, 0 |
Timeline
- CVE Published
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Security Advisory
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-12369 advisory
- https://github.com/wildfly-security/wildfly-elytron/pull/2253 url
- https://github.com/wildfly-security/wildfly-elytron/pull/2261 url
- https://github.com/wildfly-security/wildfly-elytron/commit/5ac5e6bbcba58883b3cebb2ddbcec4de140c5ceb url
- https://github.com/wildfly-security/wildfly-elytron/commit/d7754f5a6a91ceb0f4dbbbfe301991f6a55404cb url
- https://access.redhat.com/errata/RHSA-2025:3989 url
- https://access.redhat.com/errata/RHSA-2025:3990 url
- https://access.redhat.com/errata/RHSA-2025:3992 url
- https://access.redhat.com/security/cve/CVE-2024-12369 url
- https://bugzilla.redhat.com/show_bug.cgi?id=2331178 url
- https://github.com/wildfly/wildfly package