CVE-2022-39222

A flaw was found in Dex, an identity service that uses OpenID Connect to drive authentication for other apps. This issue may allow an attacker to make a victim navigate to a malicious website and guide them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue; Users are advised to…Read More