Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2017-05-16T17:00:00
Updated: 2021-06-16T11:07:15
Reserved: 2017-04-11T00:00:00
Link: CVE-2017-7662
JSON object: View
NVD Information
Status : Modified
Published: 2017-05-16T17:29:00.497
Modified: 2023-11-07T02:50:14.113
Link: CVE-2017-7662
JSON object: View
Redhat Information
No data.
CWE