CNNVD-202510-806 Information
CNNVD ID
CNNVD-202510-806
Related CVE
-
CNNVD Published: 2025-10-06
Description
OpenID Connect (OIDC) is an open-source library from XWiki Contrib that lets XWiki act as an identity provider that any application can reuse. OpenID Connect (OIDC) versions from 2.17.1 up to, but not including, 2.18.2 contain an authorization vulnerability: a user with view rights can create tokens for other users, which may lead to authentication as an arbitrary user.
Hazard Level
High
Vulnerability Type
Authorization issue
Affected Vendor
XWiki Contrib
Published
2025-10-06
Last Modified
2026-02-24
References
https://github.com/xwiki-contrib/oidc/commit/d90d717172283aaa96bb5bb44e357f910ae64adb
https://github.com/xwiki-contrib/oidc/security/advisories/GHSA-f2hf-pfrj-vrm7
https://jira.xwiki.org/browse/OIDC-240
Patch
https://github.com/xwiki-contrib/oidc