CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.

• http://shibboleth.net/community/advisories
• http://shibboleth.net/community/advisories/secadv_20220131.txt
• https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF
• CWE-918: Server-Side Request Forgery (SSRF)