Description

A vulnerability was found in OIDC-Client. When the RH SSO OIDC adapter is used with EAP 7.x, or the elytron-oidc-client subsystem is used with EAP 8.x, authorization code injection attacks can occur: an attacker can inject a stolen authorization code into the attacker's own session with the client and thereby obtain the victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.
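As an added illustration, not part of the Red Hat advisory or of the EAP adapter code, the constructed Python simulation below shows the session binding that defeats authorization code injection: an OpenID Provider stand-in ties each authorization code to the PKCE code_challenge (RFC 7636, S256) and the nonce of the request that produced it, and a relying-party stand-in whose callback redeems a code only with the verifier and nonce stored in the caller's own session. The names Provider, Client and run, and the users "alice" and "attacker", are hypothetical; the state check alone is shown to be insufficient because an attacker controls the state of their own session.

```python
import base64, hashlib, secrets
def challenge_of(verifier):
    """PKCE S256 transform: BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

class Provider:
    """Constructed in-memory OpenID Provider; a code remembers its request's challenge and nonce."""
    def __init__(self, enforce_pkce=True):
        self.enforce_pkce, self.codes = enforce_pkce, {}
    def authorize(self, challenge, nonce, subject):
        code = secrets.token_urlsafe(16)
        self.codes[code] = (challenge, nonce, subject)
        return code
    def token(self, code, verifier):
        challenge, nonce, subject = self.codes.pop(code)  # codes are single-use
        if self.enforce_pkce and challenge_of(verifier) != challenge:
            raise ValueError("PKCE verification failed")
        return {"sub": subject, "nonce": nonce}  # stand-in for ID token claims

class Client:
    """Relying party: every browser session keeps its own state, nonce, verifier."""
    def __init__(self, op):
        self.op, self.sessions = op, {}
    def start_login(self, sid):
        s = {k: secrets.token_urlsafe(32) for k in ("state", "nonce", "verifier")}
        self.sessions[sid] = s
        return {"state": s["state"], "nonce": s["nonce"],
                "code_challenge": challenge_of(s["verifier"])}
    def callback(self, sid, code, state):
        s = self.sessions[sid]
        if state != s["state"]:          # CSRF check; an attacker's own state passes it
            raise ValueError("state mismatch")
        claims = self.op.token(code, s["verifier"])  # verifier never left this session
        if claims["nonce"] != s["nonce"]:            # ID token must belong to this login
            raise ValueError("nonce mismatch")
        return claims["sub"]

def run(enforce_pkce, inject):
    """Victim 'alice' logs in; with inject=True her code is redeemed in the attacker's
    session instead. Returns the subject, or the reason the exchange was rejected."""
    op = Provider(enforce_pkce)
    rp = Client(op)
    v = rp.start_login("victim")
    code = op.authorize(v["code_challenge"], v["nonce"], "alice")
    a = rp.start_login("attacker")
    sid, state = ("attacker", a["state"]) if inject else ("victim", v["state"])
    try:
        return rp.callback(sid, code, state)
    except ValueError as e:
        return str(e)
```

With PKCE enforced the provider refuses the exchange; with a provider that does not enforce PKCE, the client's nonce comparison still rejects the ID token, so the attacker's session never receives the victim's identity.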

INFO

Published Date: 2024-12-09T20:53:09.260Z
Last Modified: 2026-04-01T13:29:56.506Z
Source: redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12369.

Vendor: Red Hat
Products:
  • Build Keycloak
  • JBoss Enterprise Application Platform

CVSS Vulnerability Scoring System

CVSS vector components (values not present on this page): Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact.