The vulnerability stems from missing nonce validation in the OIDC authorization code flow. The relying party neither generated a `nonce` when it built the authorization request nor checked the `nonce` claim of the returned ID token against the value it had sent, so the ID token was not bound to the session that initiated the login; this is the gap that allowed authorization code injection. The patch adds nonce generation in OidcRequestAuthenticator (in getRedirectUri(), where the authorization request is constructed) and validation in TokenValidator (a NonceValidator applied during parseAndVerifyToken()). Those two functions, one building the authorization request and one validating the token, are exactly where the security checks were missing.
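To make the missing check concrete, here is an added example of a minimal relying party that performs the nonce binding the patch introduces. It is not WildFly Elytron code: the identity provider, its signing key (an HMAC secret standing in for the IdP's key), the endpoint URLs and the claim values are all constructed for this example, and the function names `build_auth_request` and `parse_and_verify_token` are chosen to mirror the roles of getRedirectUri() and parseAndVerifyToken() rather than their real signatures.

```python
import base64
import hashlib
import hmac
import json
import secrets
import urllib.parse

# Constructed example. HMAC_KEY stands in for the IdP's signing key so the
# example runs offline; a real relying party verifies the IdP's JWS signature.
HMAC_KEY = b"constructed-demo-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_auth_request(session: dict, client_id: str, redirect_uri: str, auth_endpoint: str) -> str:
    """Generate a fresh nonce, remember it in the session, and send it to the IdP.
    Without this step the token validator has nothing to compare against."""
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    session["oidc_state"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    }
    return auth_endpoint + "?" + urllib.parse.urlencode(params)


def mint_id_token(claims: dict) -> str:
    """Constructed IdP stand-in: produces an HS256-style JWT for the given claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(HMAC_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def parse_and_verify_token(id_token: str, session: dict, client_id: str) -> dict:
    """Verify signature and audience, then the nonce: the ID token must carry the
    exact nonce this session sent in its authorization request, and the stored
    nonce is consumed so the same token cannot be accepted twice."""
    header, payload, sig = id_token.split(".")
    expected_sig = hmac.new(HMAC_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig), expected_sig):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if claims.get("aud") != client_id:
        raise ValueError("audience mismatch")
    expected_nonce = session.pop("oidc_nonce", None)  # single use
    presented = str(claims.get("nonce", ""))
    if expected_nonce is None or not hmac.compare_digest(presented.encode(), expected_nonce.encode()):
        raise ValueError("nonce missing or does not match the authorization request")
    return claims


def demo() -> dict:
    """Honest login plus two injection attempts; returns what the validator decided."""
    client_id = "demo-client"
    session: dict = {}
    build_auth_request(session, client_id, "https://rp.example/callback", "https://idp.example/authorize")
    results = {}

    # Honest flow: the IdP echoes the nonce from this session's request.
    good = mint_id_token({"iss": "https://idp.example", "aud": client_id,
                          "sub": "alice", "nonce": session["oidc_nonce"]})
    results["honest"] = parse_and_verify_token(good, dict(session), client_id)["sub"]

    # Injection: a validly signed token for this client, but obtained in the
    # attacker's own session, so it carries the attacker's nonce.
    injected = mint_id_token({"iss": "https://idp.example", "aud": client_id,
                              "sub": "attacker", "nonce": "attacker-session-nonce"})
    try:
        parse_and_verify_token(injected, dict(session), client_id)
        results["injected"] = "accepted"
    except ValueError:
        results["injected"] = "rejected"

    # A token with no nonce claim at all must also be refused.
    no_nonce = mint_id_token({"iss": "https://idp.example", "aud": client_id, "sub": "attacker"})
    try:
        parse_and_verify_token(no_nonce, dict(session), client_id)
        results["no_nonce"] = "accepted"
    except ValueError:
        results["no_nonce"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The two rejected cases are the ones the unpatched code would have accepted: each token is correctly signed and addressed to the right client, and only the nonce ties it to the session that started the login. Note that `state` is generated as well; it protects the callback against CSRF but does not bind the ID token itself, which is why a nonce check is needed in addition.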
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.wildfly.security:wildfly-elytron | maven | | |
| org.wildfly.security:wildfly-elytron | maven | | |
| org.wildfly.security:wildfly-elytron-http-oidc | maven | | |
| org.wildfly.security:wildfly-elytron-http-oidc | maven | | |