CVE-2021-26715 – org.mitre:openid-connect-server
Package
Manager: maven
Name: org.mitre:openid-connect-server
Vulnerable Version: >=0 <=1.3.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00552 pctl0.67053
Details
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises from unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make an HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, carry a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network.
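As an added illustration of the mitigation, not code from MITREid Connect, here is a hypothetical validator that a Dynamic Client Registration handler could apply to logo_uri before any server-side fetch. It allows only https, rejects userinfo, and refuses hosts that resolve to loopback, private, link-local, multicast, CGNAT or IPv6 ULA addresses (method and class names are assumptions).

```java
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;

/** Hypothetical logo_uri validator for dynamic client registration (added example, not project code). */
public final class LogoUriValidator {
    private LogoUriValidator() {}

    /** Returns true only if the value is an absolute https URI whose host resolves to public addresses. */
    public static boolean isSafeLogoUri(String raw) {
        URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return false;
        }
        // Only https, with a host and no userinfo (avoids "https://trusted@internal-host/" ambiguity).
        if (!uri.isAbsolute() || !"https".equalsIgnoreCase(uri.getScheme())
                || uri.getHost() == null || uri.getUserInfo() != null) {
            return false;
        }
        InetAddress[] addrs;
        try {
            addrs = InetAddress.getAllByName(uri.getHost());
        } catch (UnknownHostException e) {
            return false;
        }
        // Every resolved address must be public; one internal answer is enough to reject.
        for (InetAddress a : addrs) {
            if (isInternal(a)) {
                return false;
            }
        }
        return true;
    }

    /** Internal ranges: loopback, unspecified, link-local, RFC1918, multicast, CGNAT 100.64/10, IPv6 ULA fc00::/7. */
    static boolean isInternal(InetAddress a) {
        if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) {
            return true;
        }
        byte[] b = a.getAddress();
        if (a instanceof Inet6Address) {
            return (b[0] & 0xfe) == 0xfc;                       // fc00::/7
        }
        return (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 64;     // 100.64.0.0/10
    }
}
```

The address check is only as good as the moment it runs: a rebinding DNS answer can change between validation and fetch, so the fetch should connect to the address that was validated, or the server should store logo_uri without retrieving it at all.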
Metadata
Created: 2021-05-13T22:30:52Z
Modified: 2021-03-31T23:22:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-792r-mh2q-p8qp/GHSA-792r-mh2q-p8qp.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-792r-mh2q-p8qp
Finding: F100
Auto approve: 1