What is CVE-2023-36661?

CVE-2023-36661 is a vulnerability in N/a. Published 2023-06-25.

Is CVE-2023-36661 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

EPSS: 0.607 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cve-scores

References

DSA-5432 (vendor-advisory)
shibboleth.net/community/advisories/secadv_20230612.txt

Frequently asked questions

What is CVE-2023-36661?: CVE-2023-36661 is a vulnerability in N/a. Published 2023-06-25.
Is CVE-2023-36661 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.