admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/1xxx/CVE-2024-1233.json

730 lines
42 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2024-02-05 19:00:37 +00:00
{
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2024-02-05 19:00:37 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-1233",
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
"-Synchronized-Data."
2024-02-05 19:00:37 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
"value": "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"-Synchronized-Data."
2024-05-14 05:00:33 +00:00
"value": "Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"-Synchronized-Data."
2024-10-29 02:00:37 +00:00
"product_name": "Red Hat JBoss Enterprise Application Platform 7",
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"-Synchronized-Data."
2024-06-03 23:00:33 +00:00
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.5.8-1.redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.3.22-1.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:11.0.19-2.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.0.54-3.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.0.0-8.SP08_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:13.5.0-1.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.12.3-3.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.10.0-36.Final_redhat_00035.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.32-1.SP1_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:7.4.17-2.GA_redhat_00002.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.2.4-1.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.15.23-2.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.1.17-1.Final_redhat_00002.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.1.19-1.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.4.3-1.redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.3.4-1.redhat_00002.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.5.8-1.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.3.22-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:11.0.19-2.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.0.54-3.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.0.0-8.SP08_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:13.5.0-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.12.3-3.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.10.0-36.Final_redhat_00035.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.32-1.SP1_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:7.4.17-2.GA_redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.2.4-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.15.23-2.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.1.17-1.Final_redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.1.19-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.4.3-1.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.3.4-1.redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.15.23-2.Final_redhat_00001.1.el7eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"-Synchronized-Data."
2024-05-08 03:00:40 +00:00
"defaultStatus": "affected"
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"-Synchronized-Data."
2024-06-04 17:00:37 +00:00
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.0.1-1.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.4-2.SP01_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.0.1-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.4-2.SP01_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"-Synchronized-Data."
2024-05-08 03:00:40 +00:00
"defaultStatus": "affected"
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"-Synchronized-Data."
2024-05-08 03:00:40 +00:00
"defaultStatus": "affected"
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
"-Synchronized-Data."
2024-06-03 23:00:33 +00:00
{
"url": "https://access.redhat.com/errata/RHSA-2024:3559",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3559"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3560",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3560"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3561",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3561"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3563",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3563"
},
"-Synchronized-Data."
2024-06-04 17:00:37 +00:00
{
"url": "https://access.redhat.com/errata/RHSA-2024:3580",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3580"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3581",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3581"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3583",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3583"
},
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1233",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-1233"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
"-Synchronized-Data."
2024-06-04 14:00:34 +00:00
},
{
"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5"
"-Synchronized-Data."
2024-06-04 15:00:36 +00:00
},
{
"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523",
"refsource": "MISC",
"name": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523"
},
{
"url": "https://issues.redhat.com/browse/WFLY-19226",
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/WFLY-19226"
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
}
]
},
"-Synchronized-Data."
2024-05-14 05:00:33 +00:00
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"-Synchronized-Data."
2024-04-10 19:05:57 +00:00
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
"-Synchronized-Data."
2024-02-05 19:00:37 +00:00
}
]
}
}
Reference in New Issue Copy Permalink