CVE-2024-1233 Information

Description

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP. When a JWT carries a jku (JWK Set URL) header, the validator reads that URL and sends an HTTP request to it to retrieve the key set. No allow-listing or other filtering is applied to the destination URL, so an attacker who can present a token to the validator can make the server issue requests to a host of their choosing, which is a server-side request forgery (SSRF).
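The pattern the description refers to, shown as an added example that is not JBoss EAP code: a resolver that fetches whatever URL the jku header names, beside one that only fetches from an allow-list of origins and paths. The trusted issuer origin, the JWKS content and the fetch function are constructed for this illustration; the fetch function only records the URLs it is asked for, so the block runs offline.

```python
"""Illustration of the CVE-2024-1233 pattern (not JBoss EAP's own code):
resolving a JWT public key from the jku header with and without an allow-list.
"""
import base64
import ipaddress
import json
from urllib.parse import urlsplit

# Hypothetical trusted issuer (assumption for this example): scheme, host, port.
TRUSTED_JKU_ORIGINS = {("https", "idp.example.com", 443)}
TRUSTED_JKU_PATH_PREFIX = "/.well-known/"

# Constructed JWKS document that the trusted endpoint would return.
FAKE_JWKS = {"keys": [{"kty": "RSA", "kid": "key-1", "n": "AQAB", "e": "AQAB"}]}


def make_fetcher(log):
    """Stand-in for the HTTP client. Records every URL requested so the test
    can see which hosts each resolver was willing to contact."""
    def fetch(url):
        log.append(url)
        if urlsplit(url).hostname == "idp.example.com":
            return json.dumps(FAKE_JWKS).encode()
        return b'{"keys": []}'  # attacker or internal host: any response
    return fetch


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(header):
    """Build a JWT-shaped string with the given header; payload and signature
    are dummies, since only header parsing matters here."""
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(b'{"sub":"x"}'), b64url(b"sig")])


def parse_header(token):
    seg = token.split(".")[0]
    seg += "=" * (-len(seg) % 4)
    return json.loads(base64.urlsafe_b64decode(seg))


def pick_key(jwks, kid):
    return next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)


def resolve_public_key_vulnerable(token, fetch):
    """Flawed pattern: the jku URL is used verbatim, so the attacker chooses
    the destination of the server-side request."""
    hdr = parse_header(token)
    return pick_key(json.loads(fetch(hdr["jku"])), hdr.get("kid"))


def jku_allowed(url):
    """Exact-origin allow-list: https only, no credentials in the URL, no IP
    literals, host and port must match a trusted origin, path must sit under
    the expected prefix."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    host = parts.hostname  # already lower-cased, brackets stripped for IPv6
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # 169.254.169.254, 127.0.0.1, ::1 ... never acceptable
    except ValueError:
        pass
    try:
        port = parts.port or 443
    except ValueError:
        return False
    if (parts.scheme, host, port) not in TRUSTED_JKU_ORIGINS:
        return False
    return parts.path.startswith(TRUSTED_JKU_PATH_PREFIX)


def resolve_public_key_hardened(token, fetch):
    """Same lookup, but the request is only made to an allow-listed URL."""
    hdr = parse_header(token)
    jku = hdr.get("jku")
    if not isinstance(jku, str) or not jku_allowed(jku):
        raise ValueError("jku not in allow-list: %r" % (jku,))
    return pick_key(json.loads(fetch(jku)), hdr.get("kid"))


def demo():
    """Returns (URLs fetched by the vulnerable resolver, URLs fetched by the
    hardened resolver) for one attacker token and one legitimate token."""
    attacker = make_token({"alg": "RS256", "kid": "key-1",
                           "jku": "http://169.254.169.254/latest/meta-data/"})
    legit = make_token({"alg": "RS256", "kid": "key-1",
                        "jku": "https://idp.example.com/.well-known/jwks.json"})
    vuln_log, hard_log = [], []
    resolve_public_key_vulnerable(attacker, make_fetcher(vuln_log))
    resolve_public_key_vulnerable(legit, make_fetcher(vuln_log))
    try:
        resolve_public_key_hardened(attacker, make_fetcher(hard_log))
    except ValueError:
        pass  # rejected before any request is sent
    resolve_public_key_hardened(legit, make_fetcher(hard_log))
    return vuln_log, hard_log


if __name__ == "__main__":
    print(demo())
```

The allow-list is compared on the parsed origin rather than by substring, so `idp.example.com.evil.net`, a different port, or `user@idp.example.com` all fail. An allow-list on the URL alone is still not sufficient in a real deployment: the HTTP client used for the fetch must also refuse redirects, since a trusted host that redirects would otherwise reopen the same SSRF, and the simplest fix is to drop jku resolution entirely and configure the JWKS location server-side.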

Reference

https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849