High severity (CVSS 7.3) · GHSA Advisory · Published Apr 9, 2024 · Updated Apr 15, 2026
CVE-2024-1233
Description
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
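As an added example (not code from WildFly Elytron or from this advisory), this is the kind of allowlist gate a defender would put in front of the jku fetch: the token's jku must canonicalise to an exact, pre-configured HTTPS JWKS URL before any HTTP request is made, otherwise the token is rejected. The allowlist URL and the token-building helper are constructed for illustration.

```python
import base64
import json
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the only JWKS endpoint this deployment trusts.
TRUSTED_JKU = {
    "https://sso.example.internal/realms/app/protocol/openid-connect/certs",
}

def decode_jose_header(token: str):
    """Return the JOSE header of a compact JWS; the signature is not checked here."""
    header_b64 = token.split(".")[0]
    padded = header_b64 + "=" * (-len(header_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def jku_allowed(jku: str, allowlist=TRUSTED_JKU) -> bool:
    """Allowlist check that must run before any HTTP request to the jku URL: https only,
    no embedded credentials or fragment, default port only, exact member of the allowlist."""
    parts = urlsplit(jku)
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password or parts.fragment:
        return False
    if port not in (None, 443):
        return False
    canonical = f"https://{(parts.hostname or '').lower()}{parts.path}"
    if parts.query:
        canonical += "?" + parts.query
    return canonical in allowlist

def resolve_jku(token: str, allowlist=TRUSTED_JKU) -> Optional[str]:
    """Return the jku URL the validator may fetch keys from, or None to reject the token."""
    try:
        header = decode_jose_header(token)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON in the header
        return None
    jku = header.get("jku") if isinstance(header, dict) else None
    if not isinstance(jku, str) or not jku_allowed(jku, allowlist):
        return None
    return jku

def make_test_token(header: dict) -> str:
    """Constructed helper: build an unsigned compact JWS carrying the given header."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b"{}"), "sig"])
```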
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.wildfly.security:wildfly-elytron-realm-token (Maven) | <= 2.4.0.CR1 | — |
Affected products
- Range: <= 2.4.0.CR1
References
- github.com/advisories/GHSA-v4mm-q8fv-r2w5 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-1233 (advisory)
- access.redhat.com/errata/RHSA-2024:3559
- access.redhat.com/errata/RHSA-2024:3560
- access.redhat.com/errata/RHSA-2024:3561
- access.redhat.com/errata/RHSA-2024:3563
- access.redhat.com/errata/RHSA-2024:3580
- access.redhat.com/errata/RHSA-2024:3581
- access.redhat.com/errata/RHSA-2024:3583
- access.redhat.com/errata/RHSA-2025:9582
- access.redhat.com/errata/RHSA-2025:9583
- access.redhat.com/security/cve/CVE-2024-1233
- bugzilla.redhat.com/show_bug.cgi
- github.com/wildfly/wildfly/commit/aa151a00d75d6dbc4a1bf1b68d58b9de3087bb62 (fix commit)
- github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523 (fix commit)
- issues.redhat.com/browse/WFLY-19226