{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3559", "name": "RHSA-2024:3559", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3560", "name": "RHSA-2024:3560", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3561", "name": "RHSA-2024:3561", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3563", "name": "RHSA-2024:3563", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3580", "name": "RHSA-2024:3580", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3581", "name": "RHSA-2024:3581", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3583", "name": "RHSA-2024:3583", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1233", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849", "name": "RHBZ#2262849", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5", "tags": ["x_transferred"]}, {"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523", "tags": ["x_transferred"]}, {"url": "https://issues.redhat.com/browse/WFLY-19226", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.381Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", 
"content": {"id": "CVE-2024-1233", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-09T19:46:50.360202Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T20:09:03.903Z"}}], "cna": {"title": "Eap: wildfly-elytron has a ssrf security issue", "credits": [{"lang": "en", "value": "Red Hat would like to thank Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "32.0.0.Final", "versionType": "maven"}], "packageName": "wildfly", "collectionURL": "https://github.com/wildfly/wildfly", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7", "packageName": "eap", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.5.8-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": 
"eap7-apache-cxf", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.3.22-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hal-console", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:11.0.19-2.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-infinispan", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:4.0.54-3.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-ejb-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.0.0-8.SP08_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-jsf-api_2.3_spec", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": 
["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:13.5.0-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-metadata", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.12.3-3.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-modules", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.10.0-36.Final_redhat_00035.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-server-migration", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.2.32-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": 
"unaffected", "version": "0:7.4.17-2.GA_redhat_00002.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.2.4-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-discovery", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.15.23-2.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.1.17-1.Final_redhat_00002.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-http-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.1.19-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-transaction-client", "collectionURL": 
"https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.4.3-1.redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wss4j", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.3.4-1.redhat_00002.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-xml-security", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.5.8-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-apache-cxf", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.3.22-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-hal-console", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise 
Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:11.0.19-2.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-infinispan", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.0.54-3.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-ejb-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.0.0-8.SP08_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-jsf-api_2.3_spec", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:13.5.0-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-metadata", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.12.3-3.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": 
"eap7-jboss-modules", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.10.0-36.Final_redhat_00035.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-server-migration", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.2.32-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-undertow", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:7.4.17-2.GA_redhat_00002.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.2.4-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-discovery", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": 
["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.15.23-2.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.1.17-1.Final_redhat_00002.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-http-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.1.19-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-transaction-client", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.4.3-1.redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wss4j", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": 
"unaffected", "version": "0:2.3.4-1.redhat_00002.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-xml-security", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.15.23-2.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "packageName": "eap", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:4.0.1-1.Final_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap8-elytron-web", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:2.2.4-2.SP01_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap8-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"], "vendor": "Red Hat", "product": "Red 
Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:4.0.1-1.Final_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap8-elytron-web", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:2.2.4-2.SP01_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap8-wildfly-elytron", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jbosseapxp"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack 5", "packageName": "wildfly", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-02-05T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-02T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-04-02T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3559", "name": "RHSA-2024:3559", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3560", "name": "RHSA-2024:3560", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3561", "name": "RHSA-2024:3561", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3563", "name": "RHSA-2024:3563", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3580", "name": "RHSA-2024:3580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": 
"https://access.redhat.com/errata/RHSA-2024:3581", "name": "RHSA-2024:3581", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3583", "name": "RHSA-2024:3583", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1233", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849", "name": "RHBZ#2262849", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5"}, {"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523"}, {"url": "https://issues.redhat.com/browse/WFLY-19226"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. 
During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-26T03:53:18.933Z"}, "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"}}, "cveMetadata": {"cveId": "CVE-2024-1233", "state": "PUBLISHED", "dateUpdated": "2025-02-26T03:53:18.933Z", "dateReserved": "2024-02-05T18:40:46.701Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-04-09T07:01:47.673Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}