Security Advisory

CVE-2024-1233

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-09 07:01:47

Last updated 2025-12-01 12:49:56

Assigner redhat

State PUBLISHED

Description

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

← Browse all CVEs View on cve.org ↗