Informazioni sul CVE-2024-1233
Eap: wildfly-elytron has a ssrf security issue
CWE ID: CWE-918
Base Score (CVSS): N/A
CVE: CVE-2024-1233
Descrizione: “È stato rilevato un difetto in `JwtValidator.resolvePublicKey` in JBoss EAP, dove il validatore controlla jku e invia una richiesta HTTP. Durante questo processo, non viene eseguita alcuna whitelist o comportamento di filtraggio sulla destinazione dell’indirizzo URL, il che potrebbe portare a una vulnerabilità di richiesta lato server (SSRF).”
Vettore di attacco CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: Accesso: Network, Privilegi: None, Interazione utente: None, Confidenzialità: Low, Integrità: Low, Disponibilità: Low.
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|---|---|---|
| Attack Vector (AV) | N | Network | L’attacco può essere eseguito da remoto attraverso la rete. |
| Attack Complexity (AC) | L | Low | L’attacco non richiede condizioni particolari. |
| Privileges Required (PR) | N | None | Non sono richiesti privilegi. |
| User Interaction (UI) | N | None | Non è richiesta interazione dell’utente. |
| Scope (S) | U | Unchanged | Il raggio d’azione non cambia. |
| Confidentiality Impact (C) | L | Low | Impatto limitato. |
| Integrity Impact (I) | L | Low | Impatto limitato. |
| Availability Impact (A) | L | Low | Interferenza limitata. |
Riferimenti esterni
- https://access.redhat.com/errata/RHSA-2024:3559
- https://access.redhat.com/errata/RHSA-2024:3560
- https://access.redhat.com/errata/RHSA-2024:3561
- https://access.redhat.com/errata/RHSA-2024:3563
- https://access.redhat.com/errata/RHSA-2024:3580
- https://access.redhat.com/errata/RHSA-2024:3581
- https://access.redhat.com/errata/RHSA-2024:3583
- https://access.redhat.com/security/cve/CVE-2024-1233
- https://bugzilla.redhat.com/show_bug.cgi?id=2262849
- https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
- https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523
- https://issues.redhat.com/browse/WFLY-19226
Prodotti interessati
- Sconosciuto – Sconosciuto
- Red Hat – Red Hat JBoss Enterprise Application Platform 7
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
- Red Hat – Red Hat JBoss Enterprise Application Platform 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
- Red Hat – Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
- Red Hat – Red Hat JBoss Enterprise Application Platform Expansion Pack
Relazioni con altri prodotti
Produttore:Red Hat
Prodotto: Red Hat JBoss Enterprise Application Platform 7
Anno: 2024
CWE: CWE-918
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat JBoss Enterprise Application Platform Expansion Pack
Anno: 2024
CWE: CWE-918
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Anno: 2024
CWE: CWE-918
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Anno: 2024
CWE: CWE-918
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
Anno: 2024
CWE: CWE-918
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat JBoss Enterprise Application Platform 8
Anno: 2024
CWE: CWE-918
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Anno: 2024
CWE: CWE-918
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Anno: 2024
CWE: CWE-918
CVSS: 0.0