漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host
Vulnerability Description
Dapr Sentry's OIDC discovery endpoint derives the issuer and jwks_uri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured (the default), and serves the document with a one-hour public cache lifetime. A remote unauthenticated attacker can poison the discovery document so relying parties performing dynamic (unpinned) discovery fetch the JWKS from an attacker-controlled server, causing attacker-signed JWTs to be accepted. Exploitation requires the OIDC server enabled without a configured jwt-issuer or oidc-allowed-hosts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
源验证错误
Vulnerability Title
Dapr 输入验证错误漏洞
Vulnerability Description
Dapr是Dapr组织开源的一个可移植、无服务器、事件驱动的运行时。 Dapr 1.17.0版本和1.18.0版本存在输入验证错误漏洞,该漏洞源于未验证X-Forwarded-Host标头,可能导致远程未经验证的攻击者篡改OIDC发现文档,使依赖方从攻击者控制的服务器获取JWKS,从而接受攻击者签名的JWT。
CVSS Information
N/A
Vulnerability Type
N/A