cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1584,https://securityvulnerability.io/vulnerability/CVE-2023-1584,Id and access tokens leak via the authorization code flow,"A security flaw in Quarkus OIDC has been identified, allowing the potential leakage of ID and access tokens when utilizing an insecure HTTP protocol during the authorization code flow. This vulnerability creates avenues for attackers to gain access to sensitive user data either directly from the ID token or by exploiting the access token to interact with OIDC provider services. It is important to note that the access tokens do not store passwords, yet their exposure could still result in significant privacy and security issues.",Red Hat,"quarkus-oidc,Red Hat build of Quarkus,Red Hat Integration Service Registry",7.5,HIGH,0.0012799999676644802,false,false,false,false,,false,false,2023-10-04T11:15:00.000Z,0