Quarkus · Quarkus · CVE-2023-1584
**Name of the Vulnerable Software and Affected Versions**
Quarkus (affected versions not specified)
**Description**
A flaw was found in Quarkus, where Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used. This can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. It is noted that passwords are not stored in access tokens.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.