
{
"id": "CVE-2024-1233",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-04-09T07:15:08.060",
"lastModified": "2024-06-04T17:15:47.563",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en `JwtValidator.resolvePublicKey` en JBoss EAP, donde el validador verifica jku y env\u00eda una solicitud HTTP. Durante este proceso, no se realiza ninguna lista blanca ni ning\u00fan otro comportamiento de filtrado en la direcci\u00f3n URL de destino, lo que puede provocar una vulnerabilidad Server-Side Request Forgery (SSRF)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:3559",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3560",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3561",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3563",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3580",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3581",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3583",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1233",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523",
"source": "secalert@redhat.com"
},
{
"url": "https://issues.redhat.com/browse/WFLY-19226",
"source": "secalert@redhat.com"
}
]
}