A vulnerability in the account linking logic of the extension allows a pre-hijacking attack leading to Account Takeover. The attack can only be exploited if the following requirements are met:
An updated version 4.0.0 is available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/oidc/4.0.0/zip
Users of the extension are advised to update the extension as soon as possible.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-288", "CWE-639" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-01-28T19:15:44Z" }