CVE-2024-1233

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1233
A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:3559
https://access.redhat.com/errata/RHSA-2024:3560
https://access.redhat.com/errata/RHSA-2024:3561
https://access.redhat.com/errata/RHSA-2024:3563
https://access.redhat.com/errata/RHSA-2024:3580
https://access.redhat.com/errata/RHSA-2024:3581
https://access.redhat.com/errata/RHSA-2024:3583
https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849
https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523
https://issues.redhat.com/browse/WFLY-19226
https://access.redhat.com/errata/RHSA-2024:3559
https://access.redhat.com/errata/RHSA-2024:3560
https://access.redhat.com/errata/RHSA-2024:3561
https://access.redhat.com/errata/RHSA-2024:3563
https://access.redhat.com/errata/RHSA-2024:3580
https://access.redhat.com/errata/RHSA-2024:3581
https://access.redhat.com/errata/RHSA-2024:3583
https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849
https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523
https://issues.redhat.com/browse/WFLY-19226
Configurations

No configuration.

History

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2024:3559 - () https://access.redhat.com/errata/RHSA-2024:3559 -
References () https://access.redhat.com/errata/RHSA-2024:3560 - () https://access.redhat.com/errata/RHSA-2024:3560 -
References () https://access.redhat.com/errata/RHSA-2024:3561 - () https://access.redhat.com/errata/RHSA-2024:3561 -
References () https://access.redhat.com/errata/RHSA-2024:3563 - () https://access.redhat.com/errata/RHSA-2024:3563 -
References () https://access.redhat.com/errata/RHSA-2024:3580 - () https://access.redhat.com/errata/RHSA-2024:3580 -
References () https://access.redhat.com/errata/RHSA-2024:3581 - () https://access.redhat.com/errata/RHSA-2024:3581 -
References () https://access.redhat.com/errata/RHSA-2024:3583 - () https://access.redhat.com/errata/RHSA-2024:3583 -
References () https://access.redhat.com/security/cve/CVE-2024-1233 - () https://access.redhat.com/security/cve/CVE-2024-1233 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2262849 - () https://bugzilla.redhat.com/show_bug.cgi?id=2262849 -
References () https://github.com/advisories/GHSA-v4mm-q8fv-r2w5 - () https://github.com/advisories/GHSA-v4mm-q8fv-r2w5 -
References () https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523 - () https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523 -
References () https://issues.redhat.com/browse/WFLY-19226 - () https://issues.redhat.com/browse/WFLY-19226 -

04 Jun 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3580 -
  • () https://access.redhat.com/errata/RHSA-2024:3581 -
  • () https://access.redhat.com/errata/RHSA-2024:3583 -

04 Jun 2024, 14:15

Type Values Removed Values Added
References
  • () https://github.com/advisories/GHSA-v4mm-q8fv-r2w5 -
  • () https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523 -
  • () https://issues.redhat.com/browse/WFLY-19226 -

03 Jun 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3559 -
  • () https://access.redhat.com/errata/RHSA-2024:3560 -
  • () https://access.redhat.com/errata/RHSA-2024:3561 -
  • () https://access.redhat.com/errata/RHSA-2024:3563 -

14 May 2024, 16:15

Type Values Removed Values Added
CWE CWE-918

09 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en `JwtValidator.resolvePublicKey` en JBoss EAP, donde el validador verifica jku y envía una solicitud HTTP. Durante este proceso, no se realiza ninguna lista blanca ni ningún otro comportamiento de filtrado en la dirección URL de destino, lo que puede provocar una vulnerabilidad Server-Side Request Forgery (SSRF).

09 Apr 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-09 07:15

Updated : 2024-11-21 08:50

NVD link : CVE-2024-1233

Mitre link : CVE-2024-1233

CVE.ORG link : CVE-2024-1233

JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024