Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NLinuxfoundation Fulcio
APPLinuxfoundation< 1.8.5
Related vulnerabilities
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OID...
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 t...
CloudNativePG: eskalacja uprawnień do superużytkownika PostgreSQL przez metrics exporter
AGL app-framework-main: Zip Slip + TOCTOU umożliwiają zapis dowolnych plików
Spinnaker Echo: nieograniczony dostęp SPeL umożliwia RCE