// For flags

CVE-2024-10318

NGINX OpenID Connect Vulnerability

Severity Score

5.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session.

*Credits: Christian August Holm Hansen of Binary Security AS
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
Active
System
Vulnerable | Subsequent
Confidentiality
Low
None
Integrity
Low
None
Availability
None
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-10-23 CVE Reserved
  • 2024-11-06 CVE Published
  • 2024-11-06 CVE Updated
  • 2025-04-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-384: Session Fixation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://my.f5.com/manage/s/article/K000148232 2024-11-06
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
F5
Search vendor "F5"
 NGINX Instance Manager
Search vendor "F5" for product "NGINX Instance Manager"
 >= 2.5.0 < 2.17.4
Search vendor "F5" for product "NGINX Instance Manager" and version " >= 2.5.0 < 2.17.4"
en
Affected
F5
Search vendor "F5"
 NGINX API Connectivity Manager
Search vendor "F5" for product "NGINX API Connectivity Manager"
 >= 1.0.0 < 1.9.3
Search vendor "F5" for product "NGINX API Connectivity Manager" and version " >= 1.0.0 < 1.9.3"
en
Affected
F5
Search vendor "F5"
 NGINX Ingress Controller
Search vendor "F5" for product "NGINX Ingress Controller"
 >= 1.0.0 < 3.7.1
Search vendor "F5" for product "NGINX Ingress Controller" and version " >= 1.0.0 < 3.7.1"
en
Affected