3 matches found
CVE-2022-24129
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery SSRF due to insufficient restriction of the requesturi parameter. This allows attackers to interact with arbitrary third-party HTTP services...
CVE-2022-24129
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery SSRF due to insufficient restriction of the requesturi parameter. This allows attackers to interact with arbitrary third-party HTTP services...
CVE-2022-24129
The vulnerability CVE-2022-24129 affects the Shibboleth Identity Provider OIDC OP plugin before version 3.0.4. Root cause: insufficient restriction of the request_uri parameter enables server-side request forgery (SSRF), allowing interaction with arbitrary third-party HTTP services. Impact is SSR...