CVE-2024-1233

EPSS 0.18%
Veröffentlicht 09.04.2024 07:15:08
Zuletzt bearbeitet 21.11.2024 08:50:07
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/wildfly/wildfly

≫

Paket wildfly

Default Statusunaffected

Version < 32.0.0.Final

Version 0

Status affected

HerstellerRed Hat

≫

Produkt Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:3.0.1-4.b08_redhat_00005.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:5.1.17-3.Final_redhat_00004.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:4.0.12-1.Final_redhat_00002.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:4.1.63-2.Final_redhat_00003.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.4.18-16.SP14_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:7.1.11-4.GA_redhat_00002.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.1.14-1.Final_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.0.21-1.Final_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.0.13-1.Final_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.0.12-1.Final_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.0.12-6.Final_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-3.redhat_00006.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-3.redhat_00006.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-5.redhat_00006.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-3.redhat_00006.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-5.redhat_00006.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.10.4-2.redhat_00006.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.7.2-16.Final_redhat_00017.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:4.1.63-5.Final_redhat_00003.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.0.41-4.SP5_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:7.3.14-3.GA_redhat_00002.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.10.17-1.Final_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.5.8-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.3.22-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:11.0.19-2.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.0.54-3.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.0.0-8.SP08_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:13.5.0-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.12.3-3.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.10.0-36.Final_redhat_00035.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.2.32-1.SP1_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:7.4.17-2.GA_redhat_00002.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.2.4-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.15.23-2.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.1.17-1.Final_redhat_00002.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.1.19-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.4.3-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.3.4-1.redhat_00002.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:3.5.8-1.redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:3.3.22-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:11.0.19-2.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:4.0.54-3.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:3.0.0-8.SP08_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:13.5.0-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.12.3-3.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.10.0-36.Final_redhat_00035.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.2.32-1.SP1_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:7.4.17-2.GA_redhat_00002.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.2.4-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.15.23-2.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.1.17-1.Final_redhat_00002.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:1.1.19-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.4.3-1.redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.3.4-1.redhat_00002.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Default Statusaffected

Version < *

Version 0:1.15.23-2.Final_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.0.1-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.2.4-2.SP01_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Default Statusaffected

Version < *

Version 0:4.0.1-1.Final_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Default Statusaffected

Version < *

Version 0:2.2.4-2.SP01_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.396

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://access.redhat.com/errata/RHSA-2024:3559

https://access.redhat.com/errata/RHSA-2024:3560

https://access.redhat.com/errata/RHSA-2024:3561

https://access.redhat.com/errata/RHSA-2024:3563

https://access.redhat.com/errata/RHSA-2024:3580

https://access.redhat.com/errata/RHSA-2024:3581

https://access.redhat.com/errata/RHSA-2024:3583

https://access.redhat.com/security/cve/CVE-2024-1233

https://bugzilla.redhat.com/show_bug.cgi?id=2262849

https://github.com/advisories/GHSA-v4mm-q8fv-r2w5

https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523

https://issues.redhat.com/browse/WFLY-19226

https://nvd.nist.gov/vuln/detail/CVE-2024-1233

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1233

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1233

EUVD