CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-24129

The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.139

EPSS Ranking 94.0%

CVSS Severity

CVSS v3 Score 8.2

CVSS v2 Score 6.4

References

http://shibboleth.net/community/advisories/
http://shibboleth.net/community/advisories/secadv_20220131.txt
https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF
http://shibboleth.net/community/advisories/
http://shibboleth.net/community/advisories/secadv_20220131.txt
https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF

Products affected by CVE-2022-24129

Shibboleth » Oidc Op » Version: 3.0.0

cpe:2.3:a:shibboleth:oidc_op:3.0.0
Shibboleth » Oidc Op » Version: 3.0.1

cpe:2.3:a:shibboleth:oidc_op:3.0.1
Shibboleth » Oidc Op » Version: 3.0.2

cpe:2.3:a:shibboleth:oidc_op:3.0.2
Shibboleth » Oidc Op » Version: 3.0.3

cpe:2.3:a:shibboleth:oidc_op:3.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-24129

Products

Pricing

Contact Us