CVE-2022-24129
Published: 2022-02-04
Priority: P2 (59) · Severity: High · CVSS 3.1 base score 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
Exploit likelihood (EPSS): 6.14%, 92.6th percentile
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shibboleth | oidc_op | < 3.0.4 | 3.0.4 |
Detection & IOCs (extracted from sources)
- Detect SSRF exploitation attempts by monitoring GET requests to /idp/profile/oidc/authorize whose request_uri parameter points to an external or out-of-band host (for example an interactsh or Burp Collaborator URL).
- Confirm exploitation by observing an outbound HTTP callback from the Shibboleth IdP server carrying the string 'ShibbolethIdp' in the User-Agent or other request headers, which shows the server fetched the attacker-supplied request_uri.
- The vulnerability is triggered through the request_uri parameter of the OIDC authorization endpoint; alert on any request_uri value that resolves to a host outside the allowlist of registered relying parties.
- Only Shibboleth Identity Provider instances running the OIDC OP plugin at versions before 3.0.4 are affected. Instances upgraded to 3.0.4 or later are not vulnerable.
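The first and third detection points above can be run over the IdP's access log offline. The following script is an added example, not something taken from the page's sources or from the Shibboleth project: it parses combined-format access-log lines, picks out request_uri values on /idp/profile/oidc/authorize, and classifies the target host as allowlisted, an out-of-band callback domain, an internal address, or some other external host. The log lines, the allowlisted host and the list of out-of-band domain suffixes are all constructed for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Feb/2022:10:15:01 +0000] "GET /idp/profile/oidc/authorize?client_id=demo-rp&response_type=code&scope=openid&request_uri=https%3A%2F%2Frp.example.org%2Fro.jwt HTTP/1.1" 302 -
203.0.113.9 - - [04/Feb/2022:10:15:07 +0000] "GET /idp/profile/oidc/authorize?client_id=demo-rp&request_uri=http%3A%2F%2Fabcd1234.interact.sh%2Fx HTTP/1.1" 400 -
203.0.113.9 - - [04/Feb/2022:10:15:09 +0000] "GET /idp/profile/oidc/authorize?client_id=demo-rp&request_uri=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 400 -
203.0.113.9 - - [04/Feb/2022:10:15:11 +0000] "GET /idp/profile/oidc/authorize?client_id=demo-rp&request_uri=https%3A%2F%2Fattacker.example%2Freq.jwt HTTP/1.1" 400 -
198.51.100.2 - - [04/Feb/2022:10:16:00 +0000] "GET /idp/profile/oidc/authorize?client_id=demo-rp&response_type=code HTTP/1.1" 302 -
198.51.100.3 - - [04/Feb/2022:10:16:30 +0000] "GET /idp/status HTTP/1.1" 200 1234
"""

# Hosts that registered relying parties serve request objects from (assumed for the example).
ALLOWED_REQUEST_URI_HOSTS = {"rp.example.org"}

# Domain suffixes commonly used by out-of-band SSRF probes (assumed list; extend as needed).
OOB_DOMAIN_SUFFIXES = (
    ".interact.sh", ".oast.fun", ".oast.pro", ".oast.live", ".oast.site",
    ".oast.online", ".oast.me", ".burpcollaborator.net", ".oastify.com",
)

AUTHZ_PATH = "/idp/profile/oidc/authorize"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_host(host):
    """Bucket the request_uri host: allowlisted, oob-callback, internal or external."""
    h = host.lower().rstrip(".")
    if h in ALLOWED_REQUEST_URI_HOSTS:
        return "allowlisted"
    if h.endswith(OOB_DOMAIN_SUFFIXES):
        return "oob-callback"
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        return "internal" if h in {"localhost", "metadata.google.internal"} else "external"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal"
    return "external"


def scan_log(text):
    """Return one finding per request_uri seen on the OIDC authorize endpoint."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if target.path != AUTHZ_PATH:
            continue
        # parse_qs percent-decodes the value, so the nested URL comes back as sent.
        for uri in parse_qs(target.query).get("request_uri", []):
            host = urlsplit(uri).hostname or ""
            findings.append({
                "src": m.group("src"),
                "ts": m.group("ts"),
                "status": m.group("status"),
                "request_uri": uri,
                "class": classify_host(host),
            })
    return findings


def suspicious(findings):
    """Everything that is not an allowlisted relying-party host is worth an alert."""
    return [f for f in findings if f["class"] != "allowlisted"]


if __name__ == "__main__":
    for f in suspicious(scan_log(SAMPLE_LOG)):
        print(f"{f['ts']} {f['src']} {f['class']:<12} {f['request_uri']}")
```

The access log proves only that an attempt was made; the second detection point above (an egress request from the IdP host carrying 'ShibbolethIdp' in its headers) is what confirms the server actually fetched the URI, so correlate these findings with proxy or firewall egress logs by timestamp and source.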
CVSS provenance
- NVD, CVSS v3.1: 8.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
- NVD, CVSS v2.0: 6.4 MEDIUM (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Detection rules: none found.
Nuclei
Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery (nuclei template CVE-2022-24129, severity HIGH, CVSS 8.2)
The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.
Template:
```yaml
id: CVE-2022-24129
info:
  name: Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
  author: 0x_Akoko
  severity: high
  description: The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.
  impact: |
    An attacker can exploit this vulnerability to send crafted requests, potentially lea
```
References
- http://shibboleth.net/community/advisories/
- http://shibboleth.net/community/advisories/secadv_20220131.txt
- https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF