Description
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
References
EPSS
Percentile: 39%
0.00177
Low
7.3 High
CVSS3
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 7.3
redhat
almost 2 years ago
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.