Description
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator reads the jku header and sends an HTTP request to the URL it names. During this process, no whitelisting or other filtering is performed on the destination URL, which may result in a server-side request forgery (SSRF) vulnerability.
Report
The SSRF vulnerability in JwtValidator.resolvePublicKey is considered a moderate severity issue due to its potential to allow unauthorized internal network access and exposure of sensitive information, albeit with certain constraints. The vulnerability leverages the absence of URL whitelisting or filtering when resolving the jku header, which can be exploited to make HTTP requests to arbitrary URLs. While the immediate impact might not directly compromise sensitive data or system integrity, it opens a pathway for attackers to discover and interact with internal services, potentially leading to further exploitation. The exploitation complexity and the need for an attacker to craft a malicious JWT token mitigate the severity to a moderate level, as it requires a certain degree of knowledge and capability to execute effectively.
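The missing control described above is a URL check before the key fetch. The following is an added illustration, not code from JBoss EAP or WildFly Elytron and not the vendor's fix: it parses the JOSE header of a constructed, unsigned token and accepts the jku only when it is an https URL to a host on a constructed allowlist, so the validator never issues a request to an arbitrary destination.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed allowlist of trusted JWKS hosts (assumption: a deployment knows
# its identity providers in advance).
ALLOWED_JKU_HOSTS = {"idp.example.com"}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_header(token: str) -> dict:
    """Return the JOSE header of a compact JWT without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[0]))

def validate_jku(jku: str, allowed_hosts: set) -> str:
    """Return the normalized jku URL if it is https to an allowlisted host;
    raise ValueError otherwise so an internal address is never requested."""
    url = urlsplit(jku)
    if url.scheme != "https":
        raise ValueError(f"jku scheme not allowed: {url.scheme!r}")
    # Reject userinfo so 'https://idp.example.com@10.0.0.5/' cannot pass a check
    # that only looks for the trusted name somewhere in the string.
    if url.username is not None or url.password is not None:
        raise ValueError("jku must not contain userinfo")
    if url.port not in (None, 443):
        raise ValueError(f"jku port not allowed: {url.port}")
    host = (url.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError(f"jku host not allowlisted: {host!r}")
    return f"https://{host}{url.path or '/'}"

def resolve_jwks_url(token: str, allowed_hosts=ALLOWED_JKU_HOSTS) -> str:
    """The check a jku-resolving validator must run before any HTTP request."""
    jku = jwt_header(token).get("jku")
    if not isinstance(jku, str):
        raise ValueError("token carries no jku header")
    return validate_jku(jku, allowed_hosts)

def make_token(header: dict) -> str:
    """Constructed, unsigned compact token for test input only."""
    b64 = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64(json.dumps(header).encode()), b64(b"{}"), ""])
```

The allowlist is the defender-side control the description says is absent; signature verification against the fetched key set is a separate step that this snippet does not perform.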
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform Expansion Pack | wildfly | Affected | | |
| Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update | eap | Fixed | RHSA-2024:3563 | 03.06.2024 |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-glassfish-el | Fixed | RHSA-2025:9582 | 25.06.2025 |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-hibernate | Fixed | RHSA-2025:9582 | 25.06.2025 |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-jackson-databind | Fixed | RHSA-2025:9582 | 25.06.2025 |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-jboss-ejb-client | Fixed | RHSA-2025:9582 | 25.06.2025 |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-netty | Fixed | RHSA-2025:9582 | 25.06.2025 |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-undertow | Fixed | RHSA-2025:9582 | 25.06.2025 |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-wildfly | Fixed | RHSA-2025:9582 | 25.06.2025 |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-wildfly-elytron | Fixed | RHSA-2025:9582 | 25.06.2025 |
Additional information
CVSS3: 7.3 High