Description

The OpenID Connect server implementation for MITREid Connect through 1.3.3 is vulnerable to a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS).

Remediation

Upgrade to the latest version of MITREid Connect

References

Related Vulnerabilities