Lucene search
PRIOn knowledge basePRION:CVE-2021-26715HistoryMar 25, 2021 - 9:15 a.m.
Server side request forgery (ssrf)
2021-03-2509:15:00
PRIOn knowledge base
www.prio-n.com
7
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network.
Related
cve
cve
CVE-2021-26715
2021-03-25 09:15:12
veracode
veracode
Server Side Request Forgery (SSRF)
2021-03-26 03:53:15
nvd
nvd
CVE-2021-26715
2021-03-25 09:15:12
github
github
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
2021-05-13 22:30:52
cvelist
cvelist
CVE-2021-26715
2021-03-25 08:07:32
osv
osv
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
2021-05-13 22:30:52
CVE-2021-26715
2021-03-25 09:15:12