A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
Metrics
Affected Vendors & Products
References
History
Tue, 29 Oct 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-09T07:01:47.673Z
Updated: 2024-11-24T12:12:48.170Z
Reserved: 2024-02-05T18:40:46.701Z
Link: CVE-2024-1233
Vulnrichment
Updated: 2024-08-01T18:33:25.381Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T07:15:08.060
Modified: 2024-11-21T08:50:07.317
Link: CVE-2024-1233
Redhat