Vulnerability Description
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises from unsafe use of the logo_uri parameter in the Dynamic Client Registration request: the server fetches the supplied URI without validating it. An unauthenticated attacker can make an HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, carry a JavaScript payload for resultant XSS). The issue can be exploited to bypass network boundaries, obtain sensitive data, or attack other hosts in the internal network.
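The mitigation for this class of bug is to validate a client-supplied logo_uri before the server fetches it. The following is an added example of such a check, written for this page and not code from MITREid Connect; the resolver hook and the FAKE_DNS table are constructed so it runs offline (a real deployment would resolve via socket.getaddrinfo and connect only to the address it checked, to avoid DNS rebinding).

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the check can run offline.
# 93.184.216.34 is used here as a constructed public address.
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "intranet.corp": ["10.0.0.5"],
}

def fake_resolve(host):
    return FAKE_DNS.get(host.lower(), [])

def is_blocked_address(ip_str):
    """True for any address a server should never fetch on a client's behalf."""
    ip = ipaddress.ip_address(ip_str)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def validate_logo_uri(uri, resolve=fake_resolve, allowed_schemes=("https",)):
    """Return (ok, reason) for a logo_uri from a registration request."""
    try:
        parts = urlsplit(uri)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URI"
    if parts.scheme.lower() not in allowed_schemes:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    if not host:
        return False, "missing host"
    if host.lower() == "localhost":
        return False, "local hostname"
    try:
        candidates = [str(ipaddress.ip_address(host))]  # literal IP
    except ValueError:
        candidates = resolve(host)  # hostname: check every resolved address
        if not candidates:
            return False, "unresolvable host"
    for addr in candidates:
        if is_blocked_address(addr):
            return False, f"resolves to blocked address {addr}"
    return True, "ok"
```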
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitreid | Connect | <= 1.3.3 |
Related Weaknesses (CWE)
References
- https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/releases (Third Party Advisory)
- https://portswigger.net/research/hidden-oauth-attack-vectors (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-26715?
CVE-2021-26715 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri par...
How severe is CVE-2021-26715?
CVE-2021-26715 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-26715?
Check the references section above for vendor advisories and patch information. Affected products include: Mitreid Connect.