CVE-2021-26715
https://notcve.org/view.php?id=CVE-2021-26715
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server-Side Request Forgery (SSRF) vulnerability. It arises from unsafe use of the logo_uri parameter in the Dynamic Client Registration request: the server fetches the supplied URL without checking where it points. An unauthenticated attacker can therefore make the vulnerable server issue an HTTP request to any address reachable from it, including hosts on the internal network, and read back the response (which might, for example, carry a JavaScript payload for a resultant XSS once the fetched content is rendered). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network. • https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/releases https://portswigger.net/research/hidden-oauth-attack-vectors • CWE-918: Server-Side Request Forgery (SSRF) •
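The check a registration endpoint should run on logo_uri before fetching it, as an added example (this is not MITREid Connect code, and the class name, the https-only rule and the exact address ranges blocked are this example's own choices). The host is resolved and every returned address must be public; IP literals resolve without DNS, so the sample inputs in main are constructed from literals.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;

/**
 * Added example, not MITREid Connect code: validate a client-supplied logo_uri
 * before the server fetches it, so registration cannot be used to reach
 * loopback, RFC 1918, link-local (cloud metadata), CGNAT or IPv6 ULA targets.
 */
public final class LogoUriCheck {

    /** True only for an absolute https URL whose host resolves exclusively to public addresses. */
    public static boolean isSafeLogoUri(String candidate) {
        URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            return false;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            return false;                            // no http:, file:, gopher:, ...
        }
        String host = uri.getHost();
        if (host == null || host.isEmpty() || uri.getUserInfo() != null) {
            return false;                            // unparsable host, or user@host confusion
        }
        InetAddress[] addrs;
        try {
            addrs = InetAddress.getAllByName(host);  // IP literals (including "[::1]") need no DNS
        } catch (UnknownHostException e) {
            return false;
        }
        for (InetAddress a : addrs) {
            if (!isPublic(a)) {
                return false;                        // every A/AAAA record must be public
            }
        }
        return true;
    }

    /** Rejects loopback, link-local, RFC 1918, unspecified, multicast, 100.64/10 and fc00::/7. */
    static boolean isPublic(InetAddress a) {
        if (a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isSiteLocalAddress()
                || a.isAnyLocalAddress() || a.isMulticastAddress()) {
            return false;
        }
        byte[] b = a.getAddress();                   // IPv4-mapped literals come back as Inet4Address
        if (b.length == 4) {
            int first = b[0] & 0xff;
            int second = b[1] & 0xff;
            if (first == 0) {
                return false;                        // 0.0.0.0/8
            }
            if (first == 100 && second >= 64 && second <= 127) {
                return false;                        // 100.64.0.0/10, not covered by isSiteLocalAddress
            }
        } else if (b.length == 16 && (b[0] & 0xfe) == 0xfc) {
            return false;                            // fc00::/7 unique local addresses
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed inputs; IP literals keep the demo runnable without DNS.
        String[] samples = {
            "https://203.0.113.10/logo.png",
            "http://203.0.113.10/logo.png",
            "https://127.0.0.1/logo.png",
            "https://10.0.0.5/logo.png",
            "https://169.254.169.254/latest/meta-data/",
            "https://100.64.1.1/logo.png",
            "https://[::1]/logo.png",
            "https://[fd00::1]/logo.png",
            "https://admin@203.0.113.10/logo.png",
            "file:///etc/passwd",
        };
        for (String s : samples) {
            System.out.println((isSafeLogoUri(s) ? "accept " : "reject ") + s);
        }
    }
}
```

Two caveats apply to any resolve-then-check validator. First, the address is resolved twice (once here, once by the HTTP client), so a hostname whose DNS answer changes between the two lookups (DNS rebinding) gets through; the fetcher should connect to the address that was validated. Second, a 3xx response from a public host can redirect the client to an internal address, so redirect following must be disabled or each hop re-validated. A fixed allowlist of permitted logo hosts, or an egress proxy that cannot reach internal ranges, removes both problems.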
CVE-2021-27582
https://notcve.org/view.php?id=CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. It arises from unsafe use of the @ModelAttribute annotation during the OAuth authorization flow: Spring binds the HTTP request parameters of the incoming request onto the authorizationRequest object, so parameters supplied by the client are copied onto the pending authorization request. • http://agrrrdog.blogspot.com/2017/03/autobinding-vulns-and-spring-mvc.html https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/commit/7eba3c12fed82388f917e8dd9b73e86e3a311e4c https://portswigger.net/research/hidden-oauth-attack-vectors • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (as assigned; Prototype Pollution is a JavaScript-specific weakness, and mass assignment in a Java application matches CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes more precisely) •
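How the autobinding behaves and how an allow-list on the binder stops it, as an added example that is not MITREid Connect code. It drives Spring's DataBinder directly (the same component @ModelAttribute uses) so it runs as a plain program with spring-context on the classpath; the AuthorizationRequest class below is a stand-in with a few illustrative fields, not Spring Security OAuth's class, and the parameter names are assumed.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

/**
 * Added example, not MITREid Connect code: Spring's data binder copies every
 * request parameter that matches a bean property onto the target object, even
 * when that object was created by the server and stored in the session.
 */
public class MassAssignmentDemo {

    /** Stand-in for the object the authorization endpoint keeps in the session. */
    public static class AuthorizationRequest {
        private String clientId;
        private String redirectUri;
        private String scope;
        private boolean approved;    // only the server should set this, after user consent

        public String getClientId() { return clientId; }
        public void setClientId(String v) { clientId = v; }
        public String getRedirectUri() { return redirectUri; }
        public void setRedirectUri(String v) { redirectUri = v; }
        public String getScope() { return scope; }
        public void setScope(String v) { scope = v; }
        public boolean isApproved() { return approved; }
        public void setApproved(boolean v) { approved = v; }
    }

    /** The server-side state as it exists before the consent form is submitted. */
    static AuthorizationRequest sessionRequest() {
        AuthorizationRequest r = new AuthorizationRequest();
        r.setClientId("client-a");
        r.setRedirectUri("https://client-a.example/cb");
        r.setScope("openid");
        r.setApproved(false);
        return r;
    }

    /** What @ModelAttribute does by default: bind every matching request parameter. */
    static AuthorizationRequest bindAllParams(Map<String, String> params) {
        AuthorizationRequest target = sessionRequest();
        new DataBinder(target).bind(new MutablePropertyValues(params));
        return target;
    }

    /** Hardened: only the field the consent form is meant to carry may bind. */
    static AuthorizationRequest bindAllowedParams(Map<String, String> params) {
        AuthorizationRequest target = sessionRequest();
        DataBinder binder = new DataBinder(target);
        binder.setAllowedFields("scope");            // illustrative allow-list
        binder.bind(new MutablePropertyValues(params));
        return target;
    }

    public static void main(String[] args) {
        // Constructed form submission: the legitimate field plus two injected ones.
        Map<String, String> params = new HashMap<>();
        params.put("scope", "openid");
        params.put("approved", "true");
        params.put("redirectUri", "https://attacker.example/steal");

        AuthorizationRequest v = bindAllParams(params);
        System.out.println("default binder: approved=" + v.isApproved()
                + " redirectUri=" + v.getRedirectUri());

        AuthorizationRequest h = bindAllowedParams(params);
        System.out.println("allow-listed:   approved=" + h.isApproved()
                + " redirectUri=" + h.getRedirectUri());
    }
}
```

With the default binder the injected approved and redirectUri values overwrite the server's copies; with the allow-list they are silently dropped and only scope binds. In a controller the allow-list goes in an @InitBinder method (setAllowedFields or setDisallowedFields on the WebDataBinder), but the safer design is to not bind request parameters onto the session-held request at all and read the user's consent decision from the server-side state.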
CVE-2020-5497 – MITREid 1.3.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-5497
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS because userInfoJson is included in the page unsanitized; the unsafe inclusion is in header.tag. The issue can be exploited to execute arbitrary JavaScript in the victim's browser. • http://packetstormsecurity.com/files/156574/MITREid-1.3.3-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2020/Feb/25 https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1521 https://www.securitymetrics.com/blog/MITREid-Connect-cross-site-scripting-CVE-2020-5497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
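The pattern behind the bug, and the context-correct fix, as an added example that is not MITREid Connect code. The exact markup of header.tag is not reproduced; the example assumes the common shape of a JSON document concatenated into an inline script block, and the userinfo claims in main are constructed.

```java
/**
 * Added example, not MITREid Connect code: embedding JSON inside an inline
 * <script> block. Raw concatenation lets a string value close the script
 * element; escaping the HTML-significant characters as JSON unicode escapes
 * (backslash, 'u', four hex digits) keeps the document valid JSON and inert as HTML.
 */
public final class ScriptJsonEscape {

    /** Vulnerable shape: raw JSON text concatenated into markup. */
    static String renderUnsafe(String userInfoJson) {
        return "<script>var userInfo = " + userInfoJson + ";</script>";
    }

    /**
     * JSON structure never contains '<', '>', '&' or the U+2028/U+2029 line
     * separators, so every occurrence sits inside a string literal, where a
     * unicode escape is legal and decodes to the same character.
     */
    static String escapeJsonForScript(String json) {
        StringBuilder sb = new StringBuilder(json.length() + 16);
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            switch (c) {
                case '<':      sb.append("\\u003c"); break;
                case '>':      sb.append("\\u003e"); break;
                case '&':      sb.append("\\u0026"); break;
                case '\u2028': sb.append("\\u2028"); break; // JS line terminators, illegal in pre-ES2019 string literals
                case '\u2029': sb.append("\\u2029"); break;
                default:       sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Hardened shape: same markup, escaped payload. */
    static String renderSafe(String userInfoJson) {
        return "<script>var userInfo = " + escapeJsonForScript(userInfoJson) + ";</script>";
    }

    public static void main(String[] args) {
        // Constructed userinfo document whose "name" claim carries a script-breaking payload.
        String userInfoJson =
            "{\"sub\":\"alice\",\"name\":\"</script><script>alert(document.cookie)</script>\"}";
        System.out.println(renderUnsafe(userInfoJson));
        System.out.println(renderSafe(userInfoJson));
    }
}
```

The escaping must match the context. HTML entity escaping (JSTL's fn:escapeXml or c:out) is the right tool when the value lands in element text or an attribute, but inside a script block it turns the JSON's quotation marks into entities and breaks the JavaScript, while still leaving the page exposed if applied to the wrong slot. Inside a script block the JSON stays JSON and only the characters the HTML parser cares about are converted.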