ГлавнаяУязвимости → CVE-2024-1132
8.1высокая

CVE-2024-1132

Описание

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.

Затрагиваемое ПО
Redhat Build of keycloakRedhat Jboss middleware text-only advisoriesRedhat KeycloakRedhat Migration toolkit for applicationsRedhat Migration toolkit for runtimesRedhat Openshift container platformRedhat Openshift container platform for ibm zRedhat Openshift container platform for linuxoneRedhat Openshift container platform for powerRedhat Single sign-on
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Источники
https://access.redhat.com/errata/RHSA-2024:1860https://access.redhat.com/errata/RHSA-2024:1861https://access.redhat.com/errata/RHSA-2024:1862https://access.redhat.com/errata/RHSA-2024:1864https://access.redhat.com/errata/RHSA-2024:1866https://access.redhat.com/errata/RHSA-2024:1867https://access.redhat.com/errata/RHSA-2024:1868https://access.redhat.com/errata/RHSA-2024:2945