漏洞描述
Shibboleth Identity Provider 中的 OIDC OP 插件存在SSRF漏洞,此漏洞是程序对request_uri参数限制不充分所导致的。
Shibboleth Identity Provider OIDC OP 插件 SSRF 漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2022-24129: Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
- POC CVE-2023-2822: Ellucian Ethos Identity CAS - Cross-Site Scripting
- POC azure-openai-managed-identity-not-used: Azure OpenAI Service Instance Managed Identity Not Used
- POC azure-aks-not-user-assigned: Azure AKS Managed Identity Not User-Assigned
- POC azure-apim-system-assigned-identity-unconfigured: Azure API Management Service System-Assigned Managed Identity Not Configured
- POC azure-apim-user-assigned-id-not-used: Azure API Management User-Assigned Managed Identity Not Configured
- POC azure-search-service-managed-identity-disabled: Azure Search Service Managed Identity Not Enabled
- POC azure-vm-managed-identity-unassigned: Azure VM Managed Identity Not Assigned
- POC gcloud-gke-workload-identity-disabled: GKE Clusters Without Workload Identity Federation
- POC gcloud-org-workload-identity: Workload Identity Cluster Creation Not Disabled
- POC nacos-severidentity-bypass: Alibaba Nacos ServerIdentity 权限绕过