JwtValidator ResolvePublicKey Vulnerability Could Lead to SSRF
CVE-2024-1233

7.3HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Jboss Enterprise Application Platform 7
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9
Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7
Vendor
CVE Published:
9 April 2024

Summary

A vulnerability exists in the JwtValidator.resolvePublicKey method of JBoss EAP, which permits an attacker to execute a server-side request forgery (SSRF) attack. This issue arises because the validator inadequately filters or whitelists destination URL addresses during HTTP requests when processing JSON Web Token (JWT) public key URLs. As a result, malicious actors may exploit this flaw to make unauthorized HTTP requests from the vulnerable server, compromising internal resources and exposing sensitive data.

References

https://access.redhat.com/errata/RHSA-2024:3559
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3560
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3561
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for reporting this issue.
.