[Eclipse CSI - PIA] Unauthenticated SSRF via issuer allowlist prefix bypass in OIDC verification
# CVE Reservation Request
<!--
There's help in the Eclipse Foundation Project Handbook https://www.eclipse.org/projects/handbook/#vulnerability-cve
Note that this issue is configured (see the quick actions at the bottom) to be created as confidential.
Note that a vulnerability does not need to actually be resolved before it is reported and that these reports can be revised as needed (reopen the issue to request changes).
If you do not know how to fill certain fields, mark that in the comment and we will help you.
You can delete the comments (or not).
-->
The Eclipse Foundation is a [Common Vulnerabilities and Exposures](https://cve.mitre.org/) (CVE) Numbering Authority.
Creating this ticket initiates **reservation** of a CVE ID for the documented vulnerability. The reserved CVE ID will be posted in a comment below, and kept **confidential** until explicit publication request.
> [!note]
> To request CVE *publication*, please open a [CVE publication](https://gitlab.eclipse.org/security/cve-assignment/-/issues/new?issuable_template=CVE%20Publication%20Request) ticket.
Please fill in the fields below to draft the CVE record.
---
<!--
Required. Specify the project's name (e.g., "Eclipse Dash") and Eclipse Foundation ID, e.g., "technology.dash".
-->
## CVE record information
**Project name:** Eclipse CSI - PIA
**Project id:** technology.csi
**Versions affected:** \<=0.3.0
**Common Weakness Enumeration (CWE):**
- CWE-918 Server-Side Request Forgery (SSRF)
**Common Vulnerability Scoring System:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
**Summary:**
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (`issuer.startswith('https://ci.eclipse.org')` in `is_issuer_known`, `pia/models.py:139`) instead of validating the issuer as a properly host-bounded URL. An attacker can supply an issuer such as `https://ci.eclipse.org@evil.host` (userinfo trick: a URL parser treats `ci.eclipse.org` as the username and `evil.host` as the host) or `https://ci.eclipse.org.evil.host` (suffix trick) that satisfies the prefix check while pointing the OIDC discovery and JWKS fetches at a server the attacker controls. An unauthenticated caller of `POST /v1/upload/sbom` can use this to force PIA to make outbound HTTP(S) requests to an arbitrary attacker-chosen host, and, because the JWKS used for signature verification is then fetched from that host, to have `oidc.verify_token` accept a JWT signed with the attacker's own key.
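The two bypasses described above, shown side by side with a host-bounded check, as an added example that is not PIA's own code: the constant and function names below are hypothetical, `is_issuer_known_prefix` only reproduces the prefix pattern the summary names, and the real `is_issuer_known` in `pia/models.py` is not reproduced here. `discovery_target_host` assumes the common convention of appending `/.well-known/openid-configuration` to the issuer, which is not something this record states about PIA.

```python
"""Prefix-based issuer allowlisting versus a host-bounded check.

Added example, not PIA's code. KNOWN_ISSUER_HOST and the three functions
are hypothetical names chosen for this illustration.
"""
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical allowlist entry, standing in for the 'https://ci.eclipse.org'
# prefix the advisory describes.
KNOWN_ISSUER_HOST = "ci.eclipse.org"


def is_issuer_known_prefix(issuer: str) -> bool:
    """The vulnerable pattern: a bare string-prefix comparison."""
    return issuer.startswith("https://" + KNOWN_ISSUER_HOST)


def is_issuer_known_hostbound(issuer: str) -> bool:
    """Hardened check: parse the issuer as a URL and compare its host exactly.

    Rejects userinfo (the '@' trick), suffixed hosts, non-https schemes,
    non-default ports, and any query or fragment (an OIDC issuer identifier
    must not carry either).
    """
    try:
        parts = urlsplit(issuer)
        port = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    if parts.hostname is None or parts.hostname.lower() != KNOWN_ISSUER_HOST:
        return False
    if parts.query or parts.fragment:
        return False
    return True


def discovery_target_host(issuer: str) -> Optional[str]:
    """Host an HTTP client would actually connect to for OIDC discovery.

    Assumes the discovery URL is built by appending the well-known path to
    the issuer; the result is where the outbound request lands when the
    prefix check is bypassed.
    """
    discovery_url = issuer.rstrip("/") + "/.well-known/openid-configuration"
    return urlsplit(discovery_url).hostname


if __name__ == "__main__":
    # Constructed issuers: the legitimate one plus the two bypasses named
    # in the advisory.
    for candidate in (
        "https://ci.eclipse.org",
        "https://ci.eclipse.org@evil.host",
        "https://ci.eclipse.org.evil.host",
    ):
        print(
            f"{candidate:36} prefix={is_issuer_known_prefix(candidate)!s:5} "
            f"hostbound={is_issuer_known_hostbound(candidate)!s:5} "
            f"fetches_from={discovery_target_host(candidate)}"
        )
```

Both crafted issuers pass the prefix check, yet `urlsplit` resolves their host to `evil.host` and `ci.eclipse.org.evil.host` respectively, which is exactly where the discovery and JWKS requests would go. The host-bounded variant rejects both, and also closes the `https://ci.eclipse.org#@evil.host` shape, where a fragment keeps the prefix intact while smuggling an `@`.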
**Links:**
- https://github.com/eclipse-csi/pia/security/advisories/GHSA-j3g8-hf9c-x4ww
<!-- Quick actions will configure the state of the issue. Leave these. -->
<!-- Keep this as the last line -->
issue