Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2023-1584
Good to know:
Date: October 4, 2023
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.
Language: Java
Severity Score
Related Resources (13)
Severity Score
Weakness Type (CWE)
Information Leak / Disclosure
CWE-200Insufficient Information
NVD-CWE-noinfoTop Fix
Upgrade Version
Upgrade to version io.quarkus:quarkus-oidc:2.13.8.Final,3.1.0.CR1, io.quarkus:quarkus-oidc-common:2.13.8.Final,3.1.0.CR1
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | NONE |
| Availability (A): | NONE |