{"id":"CVE-2024-12369","details":"A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.","aliases":["GHSA-5565-3c98-g6jc"],"modified":"2026-04-10T05:08:26.161577Z","published":"2024-12-09T21:15:08.203Z","related":["CGA-f92m-w235-5wg6"],"references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2024-12369"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:3992"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:3989"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:3990"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331178"},{"type":"FIX","url":"https://github.com/wildfly-security/wildfly-elytron/pull/2253"},{"type":"FIX","url":"https://github.com/wildfly-security/wildfly-elytron/commit/5ac5e6bbcba58883b3cebb2ddbcec4de140c5ceb"},{"type":"FIX","url":"https://github.com/wildfly-security/wildfly-elytron/commit/d7754f5a6a91ceb0f4dbbbfe301991f6a55404cb"},{"type":"FIX","url":"https://github.com/wildfly-security/wildfly-elytron/pull/2261"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wildfly-security/wildfly-elytron","events":[{"introduced":"0"},{"fixed":"5ac5e6bbcba58883b3cebb2ddbcec4de140c5ceb"}]},{"type":"GIT","repo":"https://github.com/wildfly-security/wildfly-elytron","events":[{"introduced":"0"},{"fixed":"d7754f5a6a91ceb0f4dbbbfe301991f6a55404cb"}]}],"versions":["1.0.0.Alpha1","1.0.0.Alpha2","1.0.0.Alpha3","1.1.0.Alpha1","1.1.0.Beta1","1.1.0.Beta10","1.1.0.Beta11","1.1.0.Beta12","1.1.0.Beta13","1.1.0.Beta14","1.1.0.Beta15","1.1.0.Beta16","1.1.0.Beta17","1.1.0.Beta18","1.1.0.Beta19","1.1.0.Beta2","1.1.0.Beta20","1.1.0.Beta21","1.1.0.Beta22","1.1.0.Beta23","1.1.0.Beta24","1.1.0.Beta25","1.1.0.Beta26","1.1.0.Beta27","1.1.0.Beta28","1.1.0.Beta29","1.1.0.Beta3","1.1.0.Beta30","1.1.0.Beta31","1.1.0.Beta32","1.1.0.Beta33","1.1.0.Beta34","1.1.0.Beta35","1.1.0.Beta36","1.1.0.Beta37","1.1.0.Beta38","1.1.0.Beta39","1.1.0.Beta4","1.1.0.Beta40","1.1.0.Beta41","1.1.0.Beta42","1.1.0.Beta43","1.1.0.Beta44","1.1.0.Beta45","1.1.0.Beta46","1.1.0.Beta47","1.1.0.Beta48","1.1.0.Beta49","1.1.0.Beta5","1.1.0.Beta50","1.1.0.Beta51","1.1.0.Beta53","1.1.0.Beta54","1.1.0.Beta55","1.1.0.Beta6","1.1.0.Beta7","1.1.0.Beta8","1.1.0.Beta9","1.1.0.CR1","1.1.0.CR2","1.1.0.CR3","1.10.0.CR1","1.10.0.CR2","1.10.0.CR3","1.10.0.CR4","1.10.0.CR5","1.10.0.CR6","1.10.0.Final","1.10.1.Final","1.10.2.Final","1.10.3.Final","1.11.0.CR1","1.11.0.CR2","1.11.0.CR3","1.11.0.CR4","1.11.0.CR5","1.11.0.Final","1.11.1.Final","1.11.2.Final","1.11.3.Final","1.11.4.Final","1.12.0.CR1","1.12.0.CR2","1.12.0.CR3","1.12.0.Final","1.12.1.Final","1.13.0.CR1","1.13.0.CR2","1.13.0.CR3","1.13.0.CR4","1.13.0.Final","1.13.1.Final","1.13.2.Final","1.14.0.Final","1.14.1.Final","1.14.2.Final","1.15.0.CR1","1.15.0.Final","1.15.1.Final","1.15.2.Final","1.15.3.Final","1.16.0.CR1","1.16.0.Final","1.16.1.Final","1.17.0.Final","1.17.1.Final","1.17.2.Final","1.18.0.Final","1.18.1.Final","1.2.0.Beta1","1.2.0.Beta10","1.2.0.Beta11","1.2.0.Beta12","1.2.0.Beta2","1.2.0.Beta3","1.2.0.Beta4","1.2.0.Beta5","1.2.0.Beta6","1.2.0.Beta7","1.2.0.Beta8","1.2.0.Beta9","1.2.0.Final","1.3.0.Final","1.4.0.Final","1.5.0.Final","1.5.1.Final","1.5.2.Final","1.5.3.Final","1.5.4.Final","1.5.5.Final","1.6.0.Final","1.7.0.CR1","1.7.0.CR2","1.7.0.CR3","1.7.0.Final","1.9.0.CR3","1.9.0.CR4","1.9.0.CR5","1.9.0.Final","1.9.1.Final","2.0.0.Beta1","2.0.0.Beta2","2.0.0.Beta3","2.0.0.Final","2.1.0.Final","2.2.0.Final","2.2.1.Final","2.2.2.Final","2.2.5.Final","2.2.6.Final","2.2.7.Final","2.3.0.Final","2.3.1.Final","2.4.0.CR1","2.4.0.Final","2.4.1.Final","2.4.2.Final","2.5.0.CR1","2.5.0.Final","2.5.1.Final","2.5.2.Final","2.6.0.Final","2.6.1.Final"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12369.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}