### Key Vulnerability Information

#### Synopsis

- **Severity**: Moderate
- Update for Red Hat JBoss Enterprise Application Platform 8.0.2 Security Update

#### Vulnerabilities Addressed

- **CVE-2023-4503**: Custom provisioning creates unsecured http-invoker
- **CVE-2023-6236**: OIDC app attempting to access the second tenant, the user should be prompted to log in
- **CVE-2024-1102**: jberet-core: jberet-core logging database credentials
- **CVE-2024-1233**: JBoss EAP: wildfly-elytron has a SSRF security issue

#### Affected Products

- JBoss Enterprise Application Platform 8.0 for RHEL 9 x86_64

#### Fixes

- Upgrades and bug fixes in various components like WildFly Core, Infinispan, EAP Installer, etc.

#### CVEs

- CVE-2023-4503
- CVE-2023-6236
- CVE-2024-1102
- CVE-2024-1233

#### References

- [Red Hat Security Impact Classification](https://access.redhat.com/security/updates/classification/#moderate)
- [Red Hat JBoss Enterprise Application Platform 8.0 Documentation](https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/8.0/)