CVE-2025-49594: XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view
N/A
CVSS Score
Basic Information
CVE ID
GHSA ID
EPSS Score
-
CWE
Published
10/6/2025
Updated
10/6/2025
KEV Status
No
Technology
Java
Technical Details
CVSS Vector
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.xwiki.contrib.oidc:oidc-authenticator | maven | >= 2.17.1, < 2.18.2 | 2.18.2 |