Xwiki-Contrib Oidc vulnerabilities
2 known vulnerabilities affecting xwiki-contrib/oidc.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-49594 | P2 | CRITICAL | CVSS 9.2 | CWE-285 | affected versions >= 2.17.1, < 2.18.2 | 2025-10-06
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows authentication with any user (since users are very commonly vi
Source: nvd
CVE-2022-39387 | P3 | HIGH | CVSS 7.5 | CWE-287 | fixed in 1.29.1 | 2022-11-04
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provi
Source: nvd