Description

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

INFO

Published Date :

2024-04-09T07:01:47.673Z

Last Modified :

2025-12-01T12:49:56.281Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-1233 vulnerability.

Vendors Products
Redhat
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Application Platform Eus
  • Jbosseapxp

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact