CVE-2024-1233

{"id": "CVE-2024-1233", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-09T07:15:08.060", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3559", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3560", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3561", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3563", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3580", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3581", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3583", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1233", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849", "source": "secalert@redhat.com"}, {"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5", "source": "secalert@redhat.com"}, {"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523", "source": "secalert@redhat.com"}, {"url": "https://issues.redhat.com/browse/WFLY-19226", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en `JwtValidator.resolvePublicKey` en JBoss EAP, donde el validador verifica jku y env\u00eda una solicitud HTTP. Durante este proceso, no se realiza ninguna lista blanca ni ning\u00fan otro comportamiento de filtrado en la direcci\u00f3n URL de destino, lo que puede provocar una vulnerabilidad Server-Side Request Forgery (SSRF)."}], "lastModified": "2024-06-04T17:15:47.563", "sourceIdentifier": "secalert@redhat.com"}