CVE-2024-1233

EPSS 0.18%
Veröffentlicht 09.04.2024 07:15:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Eap: wildfly-elytron has a ssrf security issue

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 17

CNA 64 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/wildfly/wildfly

≫

Paket wildfly

Default Statusunaffected

Version 0

Version < 32.0.0.Final

Status affected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform

Default Statusaffected

Version 1.15.23.Final-redhat-00001

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:3.0.1-4.b08_redhat_00005.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:5.1.17-3.Final_redhat_00004.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:4.0.12-1.Final_redhat_00002.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:4.1.63-2.Final_redhat_00003.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:1.4.18-16.SP14_redhat_00001.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:7.1.11-4.GA_redhat_00002.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:1.1.14-1.Final_redhat_00001.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:1.0.21-1.Final_redhat_00001.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:1.0.13-1.Final_redhat_00001.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:1.0.12-1.Final_redhat_00001.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version 0:1.0.12-6.Final_redhat_00001.1.ep7.el7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:2.10.4-3.redhat_00006.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:2.10.4-3.redhat_00006.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:2.10.4-5.redhat_00006.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:2.10.4-3.redhat_00006.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:2.10.4-5.redhat_00006.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:2.10.4-2.redhat_00006.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:1.7.2-16.Final_redhat_00017.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:4.1.63-5.Final_redhat_00003.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:2.0.41-4.SP5_redhat_00001.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:7.3.14-3.GA_redhat_00002.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version 0:1.10.17-1.Final_redhat_00001.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:3.5.8-1.redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:3.3.22-1.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:11.0.19-2.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:4.0.54-3.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:3.0.0-8.SP08_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:13.5.0-1.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:1.12.3-3.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:1.10.0-36.Final_redhat_00035.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:2.2.32-1.SP1_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:7.4.17-2.GA_redhat_00002.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:1.2.4-1.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:1.15.23-2.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:1.1.17-1.Final_redhat_00002.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:1.1.19-1.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:2.4.3-1.redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version 0:2.3.4-1.redhat_00002.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:3.5.8-1.redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:3.3.22-1.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:11.0.19-2.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:4.0.54-3.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:3.0.0-8.SP08_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:13.5.0-1.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:1.12.3-3.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:1.10.0-36.Final_redhat_00035.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:2.2.32-1.SP1_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:7.4.17-2.GA_redhat_00002.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:1.2.4-1.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:1.15.23-2.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:1.1.17-1.Final_redhat_00002.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:1.1.19-1.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:2.4.3-1.redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version 0:2.3.4-1.redhat_00002.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Default Statusaffected

Version 0:1.15.23-2.Final_redhat_00001.1.el7eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version 0:4.0.1-1.Final_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version 0:2.2.4-2.SP01_redhat_00001.1.el8eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Default Statusaffected

Version 0:4.0.1-1.Final_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Default Statusaffected

Version 0:2.2.4-2.SP01_redhat_00001.1.el9eap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.396

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://access.redhat.com/errata/RHSA-2024:3559

https://access.redhat.com/errata/RHSA-2024:3560

https://access.redhat.com/errata/RHSA-2024:3561

https://access.redhat.com/errata/RHSA-2024:3563

https://access.redhat.com/errata/RHSA-2024:3580

https://access.redhat.com/errata/RHSA-2024:3581

https://access.redhat.com/errata/RHSA-2024:3583

https://access.redhat.com/security/cve/CVE-2024-1233

https://bugzilla.redhat.com/show_bug.cgi?id=2262849

https://github.com/advisories/GHSA-v4mm-q8fv-r2w5

https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523

https://issues.redhat.com/browse/WFLY-19226