
Nginx Openid Connect

nginx_openid_connect

Vendor: F5 • 1 CVE

CVEs (1)

Vendors (1): F5
Products (4): Nginx Api Connectivity Manager, Nginx Ingress Controller, Nginx Instance Manager, +1 more
Updated: Nov 8, 2024
Published: Nov 6, 2024
CVSS: 5.1 MEDIUM (v4), 5.4 MEDIUM (v3), N/A (v2)
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the victim's session to be associated with the attacker-controlled account, leading to potential misuse of the victim's session.