PT-2025-19841 · Quarkus · Quarkus

Published: 2025-05-06 · Updated: 2026-03-10 · CVE-2024-12225

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified)
Description: A vulnerability was found in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in, and when developers provide custom REST endpoints, the default endpoints remain accessible. This could allow attackers to obtain a login cookie that has no corresponding user in the Quarkus application, or that corresponds to an existing user with no relation to the attacker, allowing anyone to log in as an existing user by knowing only that user's username.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
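The failure mode above is a framework mounting its own login and registration endpoints alongside the application's custom ones, so that the unintended path stays reachable. The following is an added illustration written for this entry, not Quarkus code and not the module's own API: a small route model with (1) an inventory check that fails when framework-default authentication routes remain mounted after the application has supplied its own, and (2) a session check that refuses a login cookie naming a principal absent from the application's user store, which is the "cookie with no corresponding user" outcome described in the advisory. The endpoint paths, the Router class and the user store are all assumptions made for the example.

```python
"""Added illustration (not Quarkus code) of two defensive checks against
default auth endpoints that stay reachable next to custom ones.

All paths, the Router model and the user store are assumptions for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed paths: what a framework module publishes by default, and the
# application's replacements. Neither set is taken from the advisory.
FRAMEWORK_DEFAULT_PATHS = ("/auth/login", "/auth/register")
APP_CUSTOM_PATHS = ("/api/account/login", "/api/account/register")


@dataclass
class Route:
    path: str
    owner: str  # "framework-default" or "application"


@dataclass
class Router:
    """Minimal stand-in for a web framework's route table."""
    routes: List[Route] = field(default_factory=list)

    def mount(self, path: str, owner: str) -> None:
        self.routes.append(Route(path, owner))

    def unmount_owner(self, owner: str) -> None:
        """Remove every route registered by the given owner."""
        self.routes = [r for r in self.routes if r.owner != owner]

    def mounted(self, path: str) -> bool:
        return any(r.path == path for r in self.routes)


def install_framework_defaults(router: Router) -> None:
    """Simulates a module that publishes login/register endpoints by default."""
    for path in FRAMEWORK_DEFAULT_PATHS:
        router.mount(path, "framework-default")


def exposed_default_auth_routes(router: Router) -> List[str]:
    """Framework-default auth paths still reachable once the application has
    mounted its own endpoints. A non-empty result is the vulnerable condition:
    a second, unintended path into the authentication flow. Suitable as a
    startup or CI assertion on the real route table."""
    app_has_custom = any(r.owner == "application" for r in router.routes)
    if not app_has_custom:
        return []
    return [r.path for r in router.routes if r.owner == "framework-default"]


def build_app(disable_defaults: bool) -> Router:
    """disable_defaults=False reproduces the wiring the advisory describes:
    the defaults stay alive next to the custom endpoints. disable_defaults=True
    removes the framework-owned routes before the application mounts its own."""
    router = Router()
    install_framework_defaults(router)
    if disable_defaults:
        router.unmount_owner("framework-default")
    for path in APP_CUSTOM_PATHS:
        router.mount(path, "application")
    return router


def validate_session_principal(cookie_username: Optional[str],
                               user_store: Dict[str, dict]) -> bool:
    """Second line of defence: a login cookie is honoured only when it names a
    user that exists in the application's own store, so a cookie issued for a
    principal the application never created is rejected at session validation."""
    if not cookie_username:
        return False
    return cookie_username in user_store


if __name__ == "__main__":
    print("vulnerable wiring exposes:", exposed_default_auth_routes(build_app(False)))
    print("hardened wiring exposes:  ", exposed_default_auth_routes(build_app(True)))
    users = {"alice": {"id": 1}}  # constructed sample store
    print("unknown principal accepted:", validate_session_principal("mallory", users))
```

The route-inventory check is the more useful of the two in practice: run it against the real framework's route listing at startup, with the framework-owned auth paths as the expected set, and fail deployment if any of them is still mounted once custom endpoints exist. The principal check does not replace that, since a default endpoint may also issue a cookie for a username that does exist; it only closes the orphan-cookie case.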

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

CVE-2024-12225

Affected Products

Quarkus