Assigner: redhat
Reserved: 2024-02-05
Published: 2024-04-09
Updated: 2024-06-04
Description
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP. When the header of a presented JWT carries a `jku` (JWK Set URL) parameter, the validator uses that URL to fetch the public key and sends an HTTP request to it. The `jku` value is read from the token header before the signature can be verified, so it is fully controlled by the party presenting the token, and no allowlisting or other filtering is applied to the destination URL. A crafted token can therefore make the server issue requests to hosts of the attacker's choosing, which results in a server-side request forgery (SSRF) vulnerability.
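The following Python block is an added example, not code from WildFly, Elytron or Red Hat, and is not a reproduction of the actual fix. It shows the vulnerable pattern the description names (follow whatever `jku` the unverified header carries) beside a hardened resolver that applies a host allowlist before any network access. The tokens, the `ALLOWED_JKU_HOSTS` value, the `fetch` stand-in and all URLs are constructed for the demo; no real HTTP request is made.

```python
import base64
import ipaddress
import json
from urllib.parse import urlsplit

# Hosts that may serve JWK Sets for this deployment (assumed configuration value).
ALLOWED_JKU_HOSTS = frozenset({"sso.example.com"})


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(header: dict) -> str:
    """Build a constructed compact JWS with the given header. Payload and signature
    are placeholders: jku is consumed before the signature is ever verified."""
    payload = _b64url_encode(b'{"sub":"alice"}')
    signature = _b64url_encode(b"\x00" * 4)
    return ".".join([_b64url_encode(json.dumps(header).encode("utf-8")), payload, signature])


def jwt_header(token: str) -> dict:
    """Decode the protected header without checking the signature.
    Everything returned here is attacker-controlled until the signature is verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[0]))


def resolve_jku_unchecked(token: str, fetch):
    """Vulnerable pattern: whatever URL the header carries gets fetched."""
    jku = jwt_header(token).get("jku")
    return None if jku is None else fetch(jku)


def jku_is_allowed(jku: str, allowed_hosts=ALLOWED_JKU_HOSTS) -> bool:
    """Allowlist check applied before any network access."""
    url = urlsplit(jku)
    if url.scheme != "https":
        return False                       # no http://, file://, gopher:// ...
    if url.username is not None or url.password is not None:
        return False                       # rejects https://trusted-host@internal/ tricks
    host = url.hostname                    # already lower-cased, brackets stripped
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False                       # IP literals (169.254.169.254, ::1) never allowed
    except ValueError:
        pass                               # not an IP literal: a hostname, keep checking
    try:
        port = url.port
    except ValueError:
        return False                       # malformed port
    if port not in (None, 443):
        return False
    return host in allowed_hosts           # exact match only, no suffix matching


def resolve_jku_checked(token: str, fetch, allowed_hosts=ALLOWED_JKU_HOSTS):
    """Hardened pattern: refuse before fetching unless jku is on the allowlist."""
    jku = jwt_header(token).get("jku")
    if jku is None:
        return None
    if not jku_is_allowed(jku, allowed_hosts):
        raise ValueError("jku rejected: " + jku)
    return fetch(jku)


def make_recording_fetch():
    """Stand-in for the HTTP client: records the URL instead of connecting."""
    seen = []

    def fetch(url):
        seen.append(url)
        return {"keys": []}                # constructed, empty JWK Set
    return fetch, seen


def demo():
    """Run constructed tokens through both resolvers; report what each would fetch."""
    samples = {
        "legit": "https://sso.example.com/oauth2/jwks",
        "metadata": "http://169.254.169.254/latest/meta-data/",
        "userinfo": "https://sso.example.com@10.0.0.5/jwks",
        "lookalike": "https://sso.example.com.attacker.test/jwks",
    }
    results = {}
    for name, jku in samples.items():
        token = make_token({"alg": "RS256", "kid": "k1", "jku": jku})
        unchecked_fetch, unchecked_seen = make_recording_fetch()
        checked_fetch, checked_seen = make_recording_fetch()
        resolve_jku_unchecked(token, unchecked_fetch)
        try:
            resolve_jku_checked(token, checked_fetch)
            rejected = False
        except ValueError:
            rejected = True
        results[name] = {"unchecked_fetched": unchecked_seen,
                         "checked_fetched": checked_seen,
                         "rejected": rejected}
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The unchecked resolver fetches all four sample URLs, including the link-local metadata address; the checked one fetches only the allowlisted JWKS endpoint and rejects the rest before the client is invoked. Restricting to `https`, refusing userinfo and IP literals, and matching the hostname exactly (not by suffix) are the checks that matter for SSRF; pinning the allowlist to a full URL prefix rather than a host is stricter still where the deployment permits it.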
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (base score 7.3, High)
Problem types
Server-Side Request Forgery (SSRF)
Product status
0:3.5.8-1.redhat_00001.1.el8eap before *
0:3.3.22-1.Final_redhat_00001.1.el8eap before *
0:11.0.19-2.Final_redhat_00001.1.el8eap before *
0:4.0.54-3.Final_redhat_00001.1.el8eap before *
0:3.0.0-8.SP08_redhat_00001.1.el8eap before *
0:13.5.0-1.Final_redhat_00001.1.el8eap before *
0:1.12.3-3.Final_redhat_00001.1.el8eap before *
0:1.10.0-36.Final_redhat_00035.1.el8eap before *
0:2.2.32-1.SP1_redhat_00001.1.el8eap before *
0:7.4.17-2.GA_redhat_00002.1.el8eap before *
0:1.2.4-1.Final_redhat_00001.1.el8eap before *
0:1.15.23-2.Final_redhat_00001.1.el8eap before *
0:1.1.17-1.Final_redhat_00002.1.el8eap before *
0:1.1.19-1.Final_redhat_00001.1.el8eap before *
0:2.4.3-1.redhat_00001.1.el8eap before *
0:2.3.4-1.redhat_00002.1.el8eap before *
0:3.5.8-1.redhat_00001.1.el9eap before *
0:3.3.22-1.Final_redhat_00001.1.el9eap before *
0:11.0.19-2.Final_redhat_00001.1.el9eap before *
0:4.0.54-3.Final_redhat_00001.1.el9eap before *
0:3.0.0-8.SP08_redhat_00001.1.el9eap before *
0:13.5.0-1.Final_redhat_00001.1.el9eap before *
0:1.12.3-3.Final_redhat_00001.1.el9eap before *
0:1.10.0-36.Final_redhat_00035.1.el9eap before *
0:2.2.32-1.SP1_redhat_00001.1.el9eap before *
0:7.4.17-2.GA_redhat_00002.1.el9eap before *
0:1.2.4-1.Final_redhat_00001.1.el9eap before *
0:1.15.23-2.Final_redhat_00001.1.el9eap before *
0:1.1.17-1.Final_redhat_00002.1.el9eap before *
0:1.1.19-1.Final_redhat_00001.1.el9eap before *
0:2.4.3-1.redhat_00001.1.el9eap before *
0:2.3.4-1.redhat_00002.1.el9eap before *
0:1.15.23-2.Final_redhat_00001.1.el7eap before *
0:4.0.1-1.Final_redhat_00001.1.el8eap before *
0:2.2.4-2.SP01_redhat_00001.1.el8eap before *
0:4.0.1-1.Final_redhat_00001.1.el9eap before *
0:2.2.4-2.SP01_redhat_00001.1.el9eap before *
Timeline
2024-02-05: Reported to Red Hat.
2024-04-02: Made public.
Credits
Red Hat would like to thank Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for reporting this issue.
References
https://access.redhat.com/errata/RHSA-2024:3559 (RHSA-2024:3559)
https://access.redhat.com/errata/RHSA-2024:3560 (RHSA-2024:3560)
https://access.redhat.com/errata/RHSA-2024:3561 (RHSA-2024:3561)
https://access.redhat.com/errata/RHSA-2024:3563 (RHSA-2024:3563)
https://access.redhat.com/errata/RHSA-2024:3580 (RHSA-2024:3580)
https://access.redhat.com/errata/RHSA-2024:3581 (RHSA-2024:3581)
https://access.redhat.com/errata/RHSA-2024:3583 (RHSA-2024:3583)
https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849 (RHBZ#2262849)
https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523
https://issues.redhat.com/browse/WFLY-19226