Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-36661: Server-Side Request Forgery in Xmltooling

Severity
7.5 HIGH (NVD)
NVD: 7.3
EPSS
60.7%
top 1.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jun 25
Latest update: Jun 26

Description

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: xmltooling_project/xmltooling < 3.2.0-3+deb11u1+3

Also affects: Debian Linux 11.0, 12.0

🔴Vulnerability Details (6)
GHSA
GHSA-64v6-hr9r-33mx: The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1 (2024-06-26)
CVEList
CVE-2024-34581: The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1 (2024-06-26)
GHSA
GHSA-j522-236p-wx5g: Shibboleth XMLTooling before 3 (2023-06-26)
CVEList
CVE-2023-36661: Shibboleth XMLTooling before 3 (2023-06-25)
OSV
CVE-2023-36661: Shibboleth XMLTooling before 3 (2023-06-25)

💥Exploits & PoCs (1)
Metasploit
Ivanti Connect Secure Unauthenticated Remote Code Execution

📋Vendor Advisories (3)
Ubuntu
XMLTooling vulnerability (2023-08-03)
Red Hat
XMLTooling: SSRF via a crafted KeyInfo element (2023-06-26)
Debian
CVE-2023-36661: xmltooling - Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service P... (2023)
CVE-2023-36661 — Server-Side Request Forgery | cvebase