CVE-2024-1233

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:3559
https://access.redhat.com/errata/RHSA-2024:3560
https://access.redhat.com/errata/RHSA-2024:3561
https://access.redhat.com/errata/RHSA-2024:3563
https://access.redhat.com/errata/RHSA-2024:3580
https://access.redhat.com/errata/RHSA-2024:3581
https://access.redhat.com/errata/RHSA-2024:3583
https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849
https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523
https://issues.redhat.com/browse/WFLY-19226

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-09 07:15

Updated : 2024-06-04 17:15

NVD link : CVE-2024-1233

Mitre link : CVE-2024-1233

CVE.ORG link : CVE-2024-1233

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2024-1233", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-09T07:15:08.060", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3559", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3560", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3561", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3563", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3580", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3581", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3583", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1233", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849", "source": "secalert@redhat.com"}, {"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5", "source": "secalert@redhat.com"}, {"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523", "source": "secalert@redhat.com"}, {"url": "https://issues.redhat.com/browse/WFLY-19226", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en `JwtValidator.resolvePublicKey` en JBoss EAP, donde el validador verifica jku y env\u00eda una solicitud HTTP. Durante este proceso, no se realiza ninguna lista blanca ni ning\u00fan otro comportamiento de filtrado en la direcci\u00f3n URL de destino, lo que puede provocar una vulnerabilidad Server-Side Request Forgery (SSRF)."}], "lastModified": "2024-06-04T17:15:47.563", "sourceIdentifier": "secalert@redhat.com"}