Oxia OIDC Authentication Logging Vulnerability Exposing Bearer Tokens
Vulnerability
A vulnerability in Oxia, a metadata store and coordination system, exposes OpenID Connect (OIDC) bearer tokens in application logs. When OIDC authentication of a request fails, the full bearer token presented by the client is written in plaintext to a DEBUG-level log message. If DEBUG logging is enabled in production, this places the JSON Web Tokens (JWTs) in the application logs and in any log aggregation system that ingests them, where anyone with read access to the logs can recover them. All versions prior to 0.16.2 that use OIDC authentication are affected.
Impact
This vulnerability could lead to unauthorized authentication. An attacker with read access to the exposed logs can copy a JWT and replay it as a bearer credential, authenticating to Oxia as the user or service the token was issued to for as long as the token remains valid. Because a bearer token requires no further proof of possession, everyone who can read the logs (including operators of the log aggregation system, and anyone who compromises it) effectively holds those users' credentials.
Remediation
The vulnerability has been fixed in Oxia version 0.16.2; upgrade to 0.16.2 or later. Users should also ensure that DEBUG-level logging is not enabled in production environments. Where DEBUG logging was active on an affected version, treat the existing logs and any copies held by a log aggregation system as containing credentials: search them for JWTs, handle any tokens found as compromised (rotate the affected identities' credentials where the issuer allows it), and purge the log data.
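The following Go program is an added illustration of the two halves of this advisory: the logging pattern that leaks a token on an authentication failure, a hardened replacement that logs only a fingerprint plus the unverified JOSE header fields needed for diagnosis, and a scanner for auditing existing logs for JWT-shaped strings. It is not Oxia's code and does not reproduce Oxia's actual logging call; the function names, the log-line format, the fingerprint scheme and the sample token are constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// BearerToken wraps a raw OIDC bearer token so that formatting it with %s or %v
// (including passing it to a logger) prints a fingerprint rather than the secret.
type BearerToken string

// String implements fmt.Stringer; fmt calls it for %s and %v.
func (t BearerToken) String() string {
	return "jwt-fp:" + Fingerprint(string(t))
}

// Fingerprint returns the first 12 hex characters of SHA-256(token). Operators can
// correlate repeated failures of the same token across lines but cannot replay it.
func Fingerprint(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])[:12]
}

// headerFields decodes only the JOSE header (no signature verification) to recover
// alg and kid, which are enough to diagnose most failures (unknown key, wrong
// algorithm) without logging the payload or the signature.
func headerFields(raw string) (alg, kid string) {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return "", ""
	}
	b, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", ""
	}
	var h struct {
		Alg string `json:"alg"`
		Kid string `json:"kid"`
	}
	if json.Unmarshal(b, &h) != nil {
		return "", ""
	}
	return h.Alg, h.Kid
}

// VulnerableAuthFailureLine reproduces the flawed pattern: the raw token is
// interpolated into a DEBUG line and reaches every log sink unchanged.
func VulnerableAuthFailureLine(raw string, err error) string {
	return fmt.Sprintf("level=DEBUG msg=\"OIDC authentication failed\" token=%s err=%v", raw, err)
}

// HardenedAuthFailureLine logs a fingerprint plus header fields only. alg and kid
// come from attacker-controlled input, so they are quoted with %q.
func HardenedAuthFailureLine(raw string, err error) string {
	alg, kid := headerFields(raw)
	return fmt.Sprintf("level=DEBUG msg=\"OIDC authentication failed\" token=%s alg=%q kid=%q err=%v",
		BearerToken(raw), alg, kid, err)
}

// jwtPattern matches a compact JWS: three base64url segments joined by dots. The
// header segment of any JSON object starts with "eyJ" (base64url of `{"`).
var jwtPattern = regexp.MustCompile(`eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`)

// FindLeakedTokens returns every JWT-shaped string in a blob of log text, for
// auditing DEBUG logs and aggregator exports written before the fix was deployed.
func FindLeakedTokens(logText string) []string {
	return jwtPattern.FindAllString(logText, -1)
}

// SampleToken builds a constructed JWT for the demonstration; it is not a real
// credential and its signature segment is a placeholder, not a valid signature.
func SampleToken() string {
	enc := func(v any) string {
		b, _ := json.Marshal(v)
		return base64.RawURLEncoding.EncodeToString(b)
	}
	header := enc(map[string]string{"alg": "RS256", "kid": "k1", "typ": "JWT"})
	payload := enc(map[string]any{"iss": "https://issuer.example", "sub": "alice", "exp": 1700000000})
	sig := base64.RawURLEncoding.EncodeToString([]byte("placeholder-signature"))
	return header + "." + payload + "." + sig
}

func main() {
	tok := SampleToken()
	authErr := errors.New("token signature invalid")
	fmt.Println(VulnerableAuthFailureLine(tok, authErr))
	fmt.Println(HardenedAuthFailureLine(tok, authErr))
	// Audit: the vulnerable line carries a replayable token, the hardened one does not.
	fmt.Printf("leaked tokens in vulnerable line: %d\n", len(FindLeakedTokens(VulnerableAuthFailureLine(tok, authErr))))
	fmt.Printf("leaked tokens in hardened line:   %d\n", len(FindLeakedTokens(HardenedAuthFailureLine(tok, authErr))))
}
```

Wrapping the secret in a type whose String method redacts it means a later `%v` of the value, or a structured-logging call that formats it, cannot reintroduce the leak. The same three-segment regular expression can be run with grep over exported log archives as a first pass; any hit on an affected version should be treated as a compromised credential, as the remediation above describes.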
