Lucene search

CVE-2024-21643

🗓️ 10 Jan 2024 05:09:15Reported by GoogleType

osv🔗 osv.dev👁 7 Views

IdentityModel Extensions for .NET enable federated identity providers for establishing caller's identity. Vulnerable to SignedHttpRequest protocol exploitation due to default trust of 'jku' claim, allowing remote or local HTTP GET requests

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability	10 Jan 202404:13	–	cvelist
Veracode	Remote Code Execution	10 Jan 202409:20	–	veracode
Prion	Cross site request forgery (csrf)	10 Jan 202405:15	–	prion
RedhatCVE	CVE-2024-21643	5 Feb 202510:42	–	redhatcve
CVE	CVE-2024-21643	10 Jan 202405:15	–	cve
Github Security Blog	Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability	9 Jan 202418:25	–	github
NVD	CVE-2024-21643	10 Jan 202405:15	–	nvd
OSV	GHSA-RV9J-C866-GP5H Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability	9 Jan 202418:25	–	osv

Source	Link
github	www.github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-rv9j-c866-gp5h
github	www.github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.34.0
github	www.github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/7.1.2
github	www.github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/jkucve

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Jan 2024 05:15Current

8.6High risk

Vulners AI Score8.6

CVSS37.1 - 8.8

EPSS0.00464