DescriptionA flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow malicious users to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow malicious users to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.

DescriptionA flaw was found in Quarkus Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services Please note that passwo ...

Synopsis Moderate: Red Hat build of Quarkus 2138 release and security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat build of Quarkus Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a d ...

https://access.redhat.com/security/cve/cve-2023-1584 https://access.redhat.com/errata/RHSA-2023:3809

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-1584

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vendor Advisories

References

Vulmon Search

About

Products

Connect