Insufficient Verification of Data Authenticity

The advisory has been revoked: it doesn't affect any version of package eap8-hibernate-envers.


Threat Intelligence

EPSS
0.25% (16th percentile)

  • Snyk ID: SNYK-RHEL9-EAP8HIBERNATEENVERS-15917299
  • Published: 6 Apr 2026
  • Disclosed: 9 Dec 2024

Introduced: 9 Dec 2024

CVE-2024-12369
CWE-345

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:9.

NVD Description

Note: Versions mentioned in the description apply only to the upstream eap8-hibernate-envers package and not to the eap8-hibernate-envers package as distributed by RHEL.

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.