CVE-2024-1233

EPSS 0.18%
Published 09.04.2024 07:15:08
Last modified 21.11.2024 08:50:07
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 1 References 15

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/wildfly/wildfly

≫

Package wildfly

Default Statusunaffected

Version < 32.0.0.Final

Version 0

Status affected

VendorRed Hat

≫

Product Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:3.0.1-4.b08_redhat_00005.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:5.1.17-3.Final_redhat_00004.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:4.0.12-1.Final_redhat_00002.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:4.1.63-2.Final_redhat_00003.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.4.18-16.SP14_redhat_00001.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:7.1.11-4.GA_redhat_00002.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.1.14-1.Final_redhat_00001.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.0.21-1.Final_redhat_00001.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.0.13-1.Final_redhat_00001.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.0.12-1.Final_redhat_00001.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.0.12-6.Final_redhat_00001.1.ep7.el7

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-3.redhat_00006.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-3.redhat_00006.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-5.redhat_00006.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-3.redhat_00006.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-5.redhat_00006.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-2.redhat_00006.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.7.2-16.Final_redhat_00017.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:4.1.63-5.Final_redhat_00003.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.0.41-4.SP5_redhat_00001.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:7.3.14-3.GA_redhat_00002.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.10.17-1.Final_redhat_00001.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.5.8-1.redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.3.22-1.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:11.0.19-2.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.0.54-3.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.0.0-8.SP08_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:13.5.0-1.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.12.3-3.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.10.0-36.Final_redhat_00035.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.2.32-1.SP1_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:7.4.17-2.GA_redhat_00002.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.2.4-1.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.15.23-2.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.1.17-1.Final_redhat_00002.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.1.19-1.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.4.3-1.redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.3.4-1.redhat_00002.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:3.5.8-1.redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:3.3.22-1.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:11.0.19-2.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:4.0.54-3.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:3.0.0-8.SP08_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:13.5.0-1.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.12.3-3.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.10.0-36.Final_redhat_00035.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.2.32-1.SP1_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:7.4.17-2.GA_redhat_00002.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.2.4-1.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.15.23-2.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.1.17-1.Final_redhat_00002.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.1.19-1.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.4.3-1.redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.3.4-1.redhat_00002.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Default Statusaffected

Version < *

Version 0:1.15.23-2.Final_redhat_00001.1.el7eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 8

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.0.1-1.Final_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.2.4-2.SP01_redhat_00001.1.el8eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Default Statusaffected

Version < *

Version 0:4.0.1-1.Final_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.2.4-2.SP01_redhat_00001.1.el9eap

Status unaffected

VendorRed Hat

≫

Product Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.396

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://access.redhat.com/errata/RHSA-2024:3559

https://access.redhat.com/errata/RHSA-2024:3560

https://access.redhat.com/errata/RHSA-2024:3561

https://access.redhat.com/errata/RHSA-2024:3563

https://access.redhat.com/errata/RHSA-2024:3580

https://access.redhat.com/errata/RHSA-2024:3581

https://access.redhat.com/errata/RHSA-2024:3583

https://access.redhat.com/security/cve/CVE-2024-1233

https://bugzilla.redhat.com/show_bug.cgi?id=2262849

https://github.com/advisories/GHSA-v4mm-q8fv-r2w5

https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523

https://issues.redhat.com/browse/WFLY-19226

https://nvd.nist.gov/vuln/detail/CVE-2024-1233

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1233

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1233

EUVD