A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-09T07:01:47.673Z
Updated: 2024-09-16T17:15:20.540Z
Reserved: 2024-02-05T18:40:46.701Z
Link: CVE-2024-1233
Vulnrichment
Updated: 2024-08-01T18:33:25.381Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T07:15:08.060
Modified: 2024-06-04T17:15:47.563
Link: CVE-2024-1233
Redhat