MITREid Connect is vulnerable to Server Side Request Forgery (SSRF) via the logo_uri parameter supplied during the registration process. An attacker is able to request any URL accessible from the authorization server and display its content. Moreover, no image “Content-Type” header is enforced, which allows an attacker to display arbitrary HTML content from their own URL. If this HTML contains malicious JavaScript code, it will be executed within the authorization server domain.
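The two missing controls described above can be expressed as a pre-fetch destination check and a post-fetch Content-Type check. The following is an added example, not MITREid Connect code or its actual fix; the class name `LogoUriPolicy`, its method names, the image allow-list and the sample values are all assumptions made for illustration.

```java
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

public class LogoUriPolicy {
    // Assumed allow-list of types the server may re-serve; SVG is left out because it can carry script.
    private static final Set<String> ALLOWED_TYPES = Set.of("image/png", "image/jpeg", "image/gif");

    /** Pre-fetch check: http(s) only, and every address the host resolves to must be public. */
    static boolean isFetchAllowed(String logoUri) {
        try {
            URI uri = new URI(logoUri);
            String scheme = uri.getScheme();
            if (scheme == null || uri.getHost() == null) return false;
            if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) return false;
            for (InetAddress addr : InetAddress.getAllByName(uri.getHost())) {
                if (isInternal(addr)) return false;
            }
            return true;
        } catch (URISyntaxException | UnknownHostException e) {
            return false; // unparsable or unresolvable: refuse rather than fetch
        }
    }

    static boolean isInternal(InetAddress addr) {
        if (addr.isLoopbackAddress() || addr.isAnyLocalAddress() || addr.isLinkLocalAddress()
                || addr.isSiteLocalAddress() || addr.isMulticastAddress()) return true;
        // IPv6 unique-local fc00::/7 is not covered by isSiteLocalAddress()
        return addr instanceof Inet6Address && (addr.getAddress()[0] & 0xfe) == 0xfc;
    }

    /** Post-fetch check: only re-serve the body if the upstream declared an allowed image type. */
    static boolean isImageResponse(String contentType) {
        if (contentType == null) return false;
        String mediaType = contentType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        return ALLOWED_TYPES.contains(mediaType);
    }

    public static void main(String[] args) {
        // Constructed samples; IP literals keep the demo free of DNS lookups.
        String[] uris = {"https://203.0.113.10/logo.png", "http://127.0.0.1:8080/",
                "http://10.0.0.5/logo.png", "http://[fd00::1]/logo.png", "ftp://203.0.113.10/logo.png"};
        for (String u : uris) System.out.println(isFetchAllowed(u) + "  " + u);
        String[] types = {"image/png", "IMAGE/JPEG; q=1", "text/html; charset=utf-8", null};
        for (String t : types) System.out.println(isImageResponse(t) + "  " + t);
    }
}
```

For the destination check to hold, the fetch has to connect to the same address that was validated and must not follow redirects without re-running the check. Re-serving the logo with the validated image type and an `X-Content-Type-Options: nosniff` header keeps a mislabelled body from being rendered as HTML.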
CPE | Name | Operator | Version |
---|---|---|---|
openid connect server library | le | 1.3.3 |