Apache APISIX
cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*
- < 3.12.0
A vulnerability exists in the OpenID Connect plugin of Apache APISIX versions prior to 3.12.0, specifically when the plugin is used in introspection mode. The issue arises when the authentication service behind the OpenID Connect plugin serves multiple issuers that share the same private key and relies solely on the issuer value to tell them apart. Under these conditions, an attacker with a valid account on one issuer could potentially log in to another issuer.
Exploitation of this vulnerability would enable an attacker to authenticate to one issuer using credentials obtained from a different issuer, potentially leading to unauthorized access.
Users are advised to upgrade to Apache APISIX version 3.12.0 or higher.