CVE-2022-24129
Description
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.
NVD
Severity: HIGH
CVE ID: CVE-2022-24129
CVSS Score: 8.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Proof Of Concept
Nuclei Templates for CVE-2022-24129
Refrence: Project Discovery GitHub