CVE-2024-1233

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:3559
https://access.redhat.com/errata/RHSA-2024:3560
https://access.redhat.com/errata/RHSA-2024:3561
https://access.redhat.com/errata/RHSA-2024:3563
https://access.redhat.com/errata/RHSA-2024:3580
https://access.redhat.com/errata/RHSA-2024:3581
https://access.redhat.com/errata/RHSA-2024:3583
https://access.redhat.com/errata/RHSA-2025:9582
https://access.redhat.com/errata/RHSA-2025:9583
https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849
https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523
https://issues.redhat.com/browse/WFLY-19226
https://access.redhat.com/errata/RHSA-2024:3559
https://access.redhat.com/errata/RHSA-2024:3560
https://access.redhat.com/errata/RHSA-2024:3561
https://access.redhat.com/errata/RHSA-2024:3563
https://access.redhat.com/errata/RHSA-2024:3580
https://access.redhat.com/errata/RHSA-2024:3581
https://access.redhat.com/errata/RHSA-2024:3583
https://access.redhat.com/security/cve/CVE-2024-1233
https://bugzilla.redhat.com/show_bug.cgi?id=2262849
https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523
https://issues.redhat.com/browse/WFLY-19226

Configurations

No configuration.

History

25 Jun 2025, 01:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:9582 - () https://access.redhat.com/errata/RHSA-2025:9583 -

21 Nov 2024, 08:50

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2024:3559 -~~	() https://access.redhat.com/errata/RHSA-2024:3559 -
References	~~() https://access.redhat.com/errata/RHSA-2024:3560 -~~	() https://access.redhat.com/errata/RHSA-2024:3560 -
References	~~() https://access.redhat.com/errata/RHSA-2024:3561 -~~	() https://access.redhat.com/errata/RHSA-2024:3561 -
References	~~() https://access.redhat.com/errata/RHSA-2024:3563 -~~	() https://access.redhat.com/errata/RHSA-2024:3563 -
References	~~() https://access.redhat.com/errata/RHSA-2024:3580 -~~	() https://access.redhat.com/errata/RHSA-2024:3580 -
References	~~() https://access.redhat.com/errata/RHSA-2024:3581 -~~	() https://access.redhat.com/errata/RHSA-2024:3581 -
References	~~() https://access.redhat.com/errata/RHSA-2024:3583 -~~	() https://access.redhat.com/errata/RHSA-2024:3583 -
References	~~() https://access.redhat.com/security/cve/CVE-2024-1233 -~~	() https://access.redhat.com/security/cve/CVE-2024-1233 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2262849 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2262849 -
References	~~() https://github.com/advisories/GHSA-v4mm-q8fv-r2w5 -~~	() https://github.com/advisories/GHSA-v4mm-q8fv-r2w5 -
References	~~() https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523 -~~	() https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523 -
References	~~() https://issues.redhat.com/browse/WFLY-19226 -~~	() https://issues.redhat.com/browse/WFLY-19226 -

04 Jun 2024, 17:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:3580 - () https://access.redhat.com/errata/RHSA-2024:3581 - () https://access.redhat.com/errata/RHSA-2024:3583 -

04 Jun 2024, 14:15

Type	Values Removed	Values Added
References		() https://github.com/advisories/GHSA-v4mm-q8fv-r2w5 - () https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523 - () https://issues.redhat.com/browse/WFLY-19226 -

03 Jun 2024, 23:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:3559 - () https://access.redhat.com/errata/RHSA-2024:3560 - () https://access.redhat.com/errata/RHSA-2024:3561 - () https://access.redhat.com/errata/RHSA-2024:3563 -

14 May 2024, 16:15

Type	Values Removed	Values Added
CWE		CWE-918

09 Apr 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 07:15

Updated : 2025-06-25 01:15

NVD link : CVE-2024-1233

Mitre link : CVE-2024-1233

CVE.ORG link : CVE-2024-1233

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

7.3 /10