7.3

CVE-2024-1233

Eap: wildfly-elytron has a ssrf security issue

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/wildfly/wildfly
Paket wildfly
Default Statusunaffected
Version 0
Version < 32.0.0.Final
Status affected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform
Default Statusaffected
Version 1.15.23.Final-redhat-00001
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:3.0.1-4.b08_redhat_00005.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:5.1.17-3.Final_redhat_00004.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:4.0.12-1.Final_redhat_00002.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:4.1.63-2.Final_redhat_00003.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:1.4.18-16.SP14_redhat_00001.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:7.1.11-4.GA_redhat_00002.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:1.1.14-1.Final_redhat_00001.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:1.0.21-1.Final_redhat_00001.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:1.0.13-1.Final_redhat_00001.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:1.0.12-1.Final_redhat_00001.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
Default Statusaffected
Version 0:1.0.12-6.Final_redhat_00001.1.ep7.el7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:2.10.4-3.redhat_00006.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:2.10.4-3.redhat_00006.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:2.10.4-5.redhat_00006.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:2.10.4-3.redhat_00006.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:2.10.4-5.redhat_00006.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:2.10.4-2.redhat_00006.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:1.7.2-16.Final_redhat_00017.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:4.1.63-5.Final_redhat_00003.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:2.0.41-4.SP5_redhat_00001.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:7.3.14-3.GA_redhat_00002.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
Default Statusaffected
Version 0:1.10.17-1.Final_redhat_00001.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:3.5.8-1.redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:3.3.22-1.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:11.0.19-2.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:4.0.54-3.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:3.0.0-8.SP08_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:13.5.0-1.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:1.12.3-3.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:1.10.0-36.Final_redhat_00035.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:2.2.32-1.SP1_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:7.4.17-2.GA_redhat_00002.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:1.2.4-1.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:1.15.23-2.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:1.1.17-1.Final_redhat_00002.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:1.1.19-1.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:2.4.3-1.redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Default Statusaffected
Version 0:2.3.4-1.redhat_00002.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:3.5.8-1.redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:3.3.22-1.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:11.0.19-2.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:4.0.54-3.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:3.0.0-8.SP08_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:13.5.0-1.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:1.12.3-3.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:1.10.0-36.Final_redhat_00035.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:2.2.32-1.SP1_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:7.4.17-2.GA_redhat_00002.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:1.2.4-1.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:1.15.23-2.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:1.1.17-1.Final_redhat_00002.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:1.1.19-1.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:2.4.3-1.redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Default Statusaffected
Version 0:2.3.4-1.redhat_00002.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
Default Statusaffected
Version 0:1.15.23-2.Final_redhat_00001.1.el7eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 8
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version 0:4.0.1-1.Final_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Default Statusaffected
Version 0:2.2.4-2.SP01_redhat_00001.1.el8eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Default Statusaffected
Version 0:4.0.1-1.Final_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Default Statusaffected
Version 0:2.2.4-2.SP01_redhat_00001.1.el9eap
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.51
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://access.redhat.com/errata/RHSA-2024:3559
https://access.redhat.com/errata/RHSA-2024:3560
https://access.redhat.com/errata/RHSA-2024:3561
https://access.redhat.com/errata/RHSA-2024:3563
https://access.redhat.com/errata/RHSA-2024:3580
https://access.redhat.com/errata/RHSA-2024:3581
https://access.redhat.com/errata/RHSA-2024:3583
https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849
https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523
https://issues.redhat.com/browse/WFLY-19226
https://access.redhat.com/errata/RHSA-2025:9582
https://access.redhat.com/errata/RHSA-2025:9583