漏洞描述
Shibboleth Identity Provider 中的 OIDC OP 插件存在SSRF漏洞,此漏洞是程序对request_uri参数限制不充分所导致的。
Shibboleth Identity Provider OIDC OP 插件 SSRF 漏洞
PoC代码
暂无相关漏洞推荐
- Apache Airflow Providers Edge3 设计缺陷漏洞
- Oracle Identity Manager /iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus;.wadl 命令执行漏洞(CVE-2025-61757)
- Oracle Identity Manager 访问控制不当漏洞
- POC CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass
- (CVE-2025-61757)Oracle Identity Manager REST WebServices远程接管漏洞
- 红帆 iOffice /ioffice/Identity/HbcaUserLogin.aspx 存在SQL注入漏洞
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2022-24129: Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
- POC CVE-2023-2822: Ellucian Ethos Identity CAS - Cross-Site Scripting
- POC azure-openai-managed-identity-not-used: Azure OpenAI Service Instance Managed Identity Not Used
- POC azure-aks-not-user-assigned: Azure AKS Managed Identity Not User-Assigned
- POC azure-apim-system-assigned-identity-unconfigured: Azure API Management Service System-Assigned Managed Identity Not Configured
- POC azure-apim-user-assigned-id-not-used: Azure API Management User-Assigned Managed Identity Not Configured