How severe is CVE-2024-51987?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-51987?

This is classified as CWE-270, which is a common weakness in software security.

CVE-2024-51987 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captured in pooled `HttpClient` instances, which may be used by a different user. Instead of using `AddUserAccessTokenHttpClient` to create an `HttpClient` that automatically adds a managed token to outgoing requests, you can use the `HttpConext.GetUserAccessTokenAsync` extension method or the `IUserTokenManagementService.GetAccessTokenAsync` method. This issue is fixed in Duende.AccessTokenManagement.OpenIdConnect 3.0.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2020-1719

MEDIUM

CVSS:5.4(Medium)

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentia...

CWE-2702020

CVE-2024-37294

MEDIUM

CVSS:5.5(Medium)

Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users sho...

CWE-2702024

CVE-2024-47173

MEDIUM

CVSS:5.5(Medium)

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attac...

CWE-2702024

CVE-2020-7019

MEDIUM

CVSS:6.5(Medium)

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recentl...

CWE-2702020

CVE-2024-12570

MEDIUM

CVSS:6.7(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attac...

CWE-2702024

CVE-2023-25754

CRITICAL

CVSS:9.8(Critical)

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.

CWE-2702023