Lucene search
K

14 matches found

Cvelist
Cvelist
added 2026/07/02 7:41 p.m.36 views

CVE-2026-59096 Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS0.00246EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 4:18 a.m.19 views

EUVD-2026-28315

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5CVSS5.7AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Istio 代码问题漏洞

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

7.7CVSS5.9AI score0.00329EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/16 9:38 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:38 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 9:38 p.m.35 views

GHSA-FGW5-HP8F-XFHC Istio: SSRF via RequestAuthentication jwksUri

Impact When a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS...

5CVSS5.8AI score0.00329EPSS
Exploits0References5
OSV
OSV
added 2026/01/20 3:33 p.m.4 views

GHSA-7VW6-5Q2F-7W5R Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS6AI score0.00363EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/01/20 3:33 p.m.9 views

Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS5.7AI score0.00363EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/01/20 1:46 p.m.3 views

Server-side Request Forgery (SSRF)

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the jwksuri parameter in the OpenID Connect Dynamic Client Registration...

6.9CVSS5.9AI score0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/20 12:33 p.m.21 views

CVE-2026-1180 Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS0.00363EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/20 12:33 p.m.3 views

CVE-2026-1180 Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS5.7AI score0.00363EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/20 12:33 p.m.5 views

CVE-2026-1180

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS5.5AI score0.00363EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.10 views

Keycloak code issues and vulnerabilities

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has code-related vulnerabilities; these vulnerabilities stem from the lack of verification of the jwksuri target, which may lead to information leaks and reconnaissance risks...

5.8CVSS5.8AI score0.00363EPSS
Exploits0References3
OSV
OSV
added 2025/12/08 10:20 p.m.5 views

GHSA-V959-QXV6-6F8P ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login

Summary A potential vulnerability exists in ZITADEL's logout endpoint in login V2. This endpoint accepts serval parameters including a postlogoutredirect. When this parameter is specified, users will be redirected to the site that is provided via this parameter. ZITADEL's login UI did not ensure...

8CVSS7AI score0.00265EPSS
Exploits0References4
Rows per page
Query Builder