Security Advisory

CVE-2021-27582

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-23 17:58:39
Last updated 2024-08-03 21:26:09
Assigner mitre
State PUBLISHED

Description

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.