← Back

Oidc Op

oidc_op

Vendor: Shibboleth • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-24129
1Shibboleth
1Oidc Op
Nov 21, 2024
Feb 4, 2022
N/A· v4
8.2 HIGH· v3
6.4 MEDIUM· v2
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary th...Show more
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.Show less