A vulnerability of plugin openid-connect in Apache APISIX.
This vulnerability will only have an impact if all of the following conditions are met:
If affected by this vulnerability, it would allow an attacker with a valid account on one of the issuers to log into the other issuer.
This issue affects Apache APISIX: until 3.12.0.
Users are recommended to upgrade to version 3.12.0 or higher.
Exploitability
AV:NAC:HPR:LUI:NScope
S:UImpact
C:HI:NA:N5.3/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NOther