ГлавнаяУязвимости → CVE-2024-1233
7.3высокая

CVE-2024-1233

Описание

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://access.redhat.com/errata/RHSA-2024:3559https://access.redhat.com/errata/RHSA-2024:3560https://access.redhat.com/errata/RHSA-2024:3561https://access.redhat.com/errata/RHSA-2024:3563https://access.redhat.com/errata/RHSA-2024:3580https://access.redhat.com/errata/RHSA-2024:3581https://access.redhat.com/errata/RHSA-2024:3583https://access.redhat.com/errata/RHSA-2025:9582