Red Hat · JBoss EAP · CVE-2024-1233
**Name of the Vulnerable Software and Affected Versions**
JBoss EAP (affected versions not specified)
**Description**
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP: when validating a token, the validator reads the `jku` header and sends an HTTP request to the URL it names in order to retrieve the public key. No allowlisting or other filtering is applied to that destination URL before the request is made, so an attacker-controlled `jku` value can make the server issue requests to arbitrary destinations, which may result in a server-side request forgery (SSRF) vulnerability.
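As an added illustration (not JBoss EAP's or Red Hat's own code), the kind of check the description says is absent: before a validator fetches the key set named by a token's `jku` header, the URL is compared against a configured list of trusted hosts, and the fetch is refused otherwise. Python is used for clarity; the allowlisted host and the sample URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this service trusts to serve its JWKS
# documents. In a real deployment this comes from configuration, not code.
ALLOWED_JKU_HOSTS = frozenset({"login.example.com"})


def jku_rejection_reason(jku, allowed_hosts=ALLOWED_JKU_HOSTS):
    """Return None if the jku URL may be fetched, otherwise a short reason."""
    try:
        parts = urlsplit(jku)
        port = parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "scheme is not https"
    if parts.username is not None or parts.password is not None:
        # "https://trusted@other/" parses with hostname 'other'; refuse userinfo outright
        return "userinfo in URL"
    host = parts.hostname  # normalised to lower case by urlsplit
    if host is None or host not in allowed_hosts:
        return "host not allowlisted"  # exact match only; no suffix or prefix matching
    if port not in (None, 443):
        return "non-standard port"
    return None


def resolve_jku(header, allowed_hosts=ALLOWED_JKU_HOSTS):
    """Return the jku URL from a decoded JWT header only if it passes the allowlist.

    The decision is made before any network request: a rejected URL raises and
    nothing is fetched. A header without jku returns None so the caller can fall
    back to locally configured keys.
    """
    jku = header.get("jku")
    if jku is None:
        return None
    reason = jku_rejection_reason(jku, allowed_hosts)
    if reason is not None:
        raise ValueError(f"refusing to fetch jku {jku!r}: {reason}")
    return jku
```

The HTTP client used for the subsequent fetch should also have redirects disabled, since an allowlisted host that redirects elsewhere would otherwise bypass the check.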
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.