WildFly Elytron: SSRF security issue
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP (WildFly Elytron): when validating a JWT, the validator reads the token's jku (JWK Set URL) header and sends an HTTP request to that URL to fetch the signing public key. No whitelisting or other filtering is applied to the destination URL, so a token crafted by the caller can make the server issue requests to destinations of the attacker's choosing, which may result in a server-side request forgery (SSRF) vulnerability.
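To make the issue concrete, here is an added example (not WildFly Elytron code, and not taken from any of the advisories above) that parses a JWT header, shows the vulnerable pattern of trusting jku as-is, and sets beside it the kind of allowlist check that closes the SSRF. The allowlist, the hostnames, the JWKS URL and the sample tokens are all constructed for this illustration; the scheme, userinfo and IP-literal checks are defence in depth that the advisory does not itself prescribe.

```python
"""Added example (not WildFly Elytron code): why an unvalidated JWT `jku`
header is an SSRF primitive, and what an allowlist check looks like.

Assumptions (not from the advisory): the allowlist, hostnames and sample
tokens below are constructed for this illustration.
"""
import base64
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed allowlist: the only JWKS endpoints this deployment trusts.
TRUSTED_JKU = {
    "https://idp.example.com/.well-known/jwks.json",
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_header(token: str) -> dict:
    """Parse only the JOSE header; no signature verification happens here,
    which is exactly the situation when jku is consulted (the key is not
    known yet, so nothing in the token is trusted)."""
    return json.loads(_b64url_decode(token.split(".")[0]))


def vulnerable_jku(token: str) -> str:
    """Pattern the advisory describes: take `jku` from the token as-is.
    Whatever this returns is the URL the validator would GET."""
    return jwt_header(token)["jku"]


def hardened_jku(token: str, allowlist=TRUSTED_JKU) -> str:
    """Accept only a `jku` that exactly matches a pre-registered JWKS URL,
    and reject shapes that could reach internal services."""
    jku = jwt_header(token).get("jku")
    if not isinstance(jku, str):
        raise ValueError("jku header missing or not a string")
    parts = urlsplit(jku)
    if parts.scheme != "https":
        raise ValueError(f"jku must use https, got {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("userinfo in jku is not allowed")
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, fine
    else:
        raise ValueError("IP-literal hosts are not allowed in jku")
    if jku not in allowlist:
        raise ValueError(f"jku {jku!r} is not an allowlisted JWKS endpoint")
    return jku


def make_token(header: dict) -> str:
    """Build a token with a constructed header; payload and signature are
    placeholders because only the header matters for jku resolution."""
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    p = base64.urlsafe_b64encode(b'{"sub":"demo"}').rstrip(b"=").decode()
    return f"{h}.{p}.sig"


# Constructed tokens: one pointing at the trusted JWKS, one at a cloud
# metadata address, one at a loopback management port.
GOOD_TOKEN = make_token({"alg": "RS256", "jku": "https://idp.example.com/.well-known/jwks.json"})
METADATA_TOKEN = make_token({"alg": "RS256", "jku": "http://169.254.169.254/latest/meta-data/"})
LOOPBACK_TOKEN = make_token({"alg": "RS256", "jku": "https://localhost:9990/management"})


def classify(token: str) -> str:
    """Return 'allowed' or the rejection reason from the hardened resolver."""
    try:
        hardened_jku(token)
        return "allowed"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    for name, tok in [("good", GOOD_TOKEN), ("metadata", METADATA_TOKEN), ("loopback", LOOPBACK_TOKEN)]:
        print(f"{name:9} vulnerable fetches {vulnerable_jku(tok)!r:<55} hardened: {classify(tok)}")
```

The point of the exact-match allowlist is that jku is attacker-controlled input read before any signature check, so the only safe behaviour is to compare it against URLs the operator configured in advance; pattern matching on the host alone leaves room for redirects, userinfo tricks and IP literals.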
CVE-2024-1233: EAP: wildfly-elytron has an SSRF security issue
CVE-2024-1233
CVE-2024-1233 describes an SSRF in JwtValidator.resolvePublicKey in Red Hat JBoss EAP, where the jku header of a JWT is used to fetch a public key without proper URL whitelisting. This may allow the server to be coerced into making requests to arbitrary destinations. The related Red Hat advisories (RHSA-2025:9582 and RHSA-2025:9583) note the affected EAP versions...
PT-2024-17546 · Red Hat · Jboss Eap
Name of the Vulnerable Software and Affected Versions: JBoss EAP (affected versions not specified in this entry). Description: the same flaw in JwtValidator.resolvePublicKey, where the validator follows the jku header and sends an HTTP request to the given URL without whitelisting or other filtering of the destination address.