{"vulnerability": "cve-2024-51987", "sightings": [{"uuid": "271bc7e0-afbf-491b-b1f8-5fdda287959b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51987", "type": "seen", "source": "https://t.me/cvedetector/10147", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51987 - Duende.AccessTokenManagement.OpenIdConnect Token Stealing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51987 \nPublished : Nov. 8, 2024, 12:15 a.m. | 35\u00a0minutes ago \nDescription : Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captured in pooled `HttpClient` instances, which may be used by a different user. Instead of using `AddUserAccessTokenHttpClient` to create an `HttpClient` that automatically adds a managed token to outgoing requests, you can use the `HttpContext.GetUserAccessTokenAsync` extension method or the `IUserTokenManagementService.GetAccessTokenAsync` method. This issue is fixed in Duende.AccessTokenManagement.OpenIdConnect 3.0.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T02:08:15.000000Z"}, {"uuid": "157bca89-f6aa-4bf0-86cb-5059c6d79c18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-51987", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113444304438437350", "content": "", "creation_timestamp": "2024-11-07T23:38:32.276473Z"}]}