Red Hat · Keycloak · CVE-2024-8883
Name of the Vulnerable Software and Affected Versions:
Keycloak (affected versions not specified)
Description:
An open redirect flaw was found in Keycloak's redirect URI validation. When a client's 'Valid Redirect URIs' setting contains http://localhost or http://127.0.0.1, the validation can be satisfied by a redirect_uri that actually points at an attacker-controlled host, so the authorization endpoint sends the user's browser, together with the authorization code carried in the redirect, to the attacker. A stolen code can be exchanged for tokens (directly for a public client, or replayed against the legitimate client's callback), which is what makes session hijacking possible. The condition to check for is any client whose Valid Redirect URIs include a bare loopback entry, not just development clients: the same client registration is often reused in production.
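To make the failure mode concrete, the following is an added illustration written for this page; it is not Keycloak's code and does not reproduce Keycloak's actual matching logic. It puts a hypothetical string-prefix validator, with the two loopback entries from the advisory registered, beside a component-wise exact matcher whose only relaxation is the RFC 8252 section 7.3 allowance of any port for a registered loopback host. The candidate redirect_uri values and the attacker.example hostnames are constructed for the example.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed client registration mirroring the configuration the advisory warns about.
REGISTERED_REDIRECT_URIS = ["http://localhost", "http://127.0.0.1"]

# Constructed redirect_uri values: two legitimate loopback callbacks followed by four
# attacker-shaped ones. The hostnames are illustrative, not from any real incident.
CANDIDATES = [
    "http://localhost/",
    "http://localhost:8080/",
    "http://localhost.attacker.example/steal",
    "http://127.0.0.1@attacker.example/steal",
    "http://127.0.0.1.attacker.example/",
    "https://attacker.example/?next=http://localhost",
]


def loose_match(registered, candidate):
    """Hypothetical weak validator (not Keycloak's code): accepts any candidate that
    starts with a registered entry. A bare loopback entry such as http://localhost then
    also covers http://localhost.attacker.example and http://127.0.0.1@attacker.example."""
    return any(candidate.startswith(entry) for entry in registered)


def _components(uri):
    """Reduce a URI to (scheme, host, port, path, query), or None if it is unacceptable."""
    parts = urlsplit(uri)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # userinfo ("127.0.0.1@attacker.example") and fragments never belong in a redirect_uri
    if parts.username is not None or parts.password is not None or parts.fragment:
        return None
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port, parts.path or "/", parts.query)


def strict_match(registered, candidate, loopback_any_port=True):
    """Exact component-wise comparison. The one relaxation is RFC 8252 section 7.3: a
    registered loopback host may be matched on any port, because native apps bind an
    ephemeral port; scheme, host, path and query must still be identical."""
    cand = _components(candidate)
    if cand is None:
        return False
    for entry in registered:
        reg = _components(entry)
        if reg is None:
            continue
        same_origin = reg[0] == cand[0] and reg[1] == cand[1]
        port_ok = reg[2] == cand[2] or (loopback_any_port and reg[1] in LOOPBACK_HOSTS)
        if same_origin and port_ok and reg[3] == cand[3] and reg[4] == cand[4]:
            return True
    return False


def evaluate(registered, candidates):
    """Return (candidate, accepted_by_loose, accepted_by_strict) for each candidate."""
    return [(c, loose_match(registered, c), strict_match(registered, c)) for c in candidates]


def open_redirect_gap(registered, candidates):
    """Candidates the loose validator lets through but the strict one rejects."""
    return [c for c, loose, strict in evaluate(registered, candidates) if loose and not strict]


if __name__ == "__main__":
    for candidate, loose, strict in evaluate(REGISTERED_REDIRECT_URIS, CANDIDATES):
        print(f"{candidate:48} loose={loose!s:5} strict={strict}")
```

The list returned by open_redirect_gap is what a reviewer of a client registration wants to see empty: the three attacker-shaped candidates pass the prefix check only because the registered entry is a bare loopback origin, while the component-wise matcher rejects them on host or on the presence of userinfo. Passing loopback_any_port=False turns the matcher into a plain exact match, which is the right setting for any client that is not a native app listening on a loopback port.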
Recommendations:
This page does not name a release that contains the fix, so the configuration is the primary control until an update is available. Audit every client in every realm and remove http://localhost and http://127.0.0.1 from 'Valid Redirect URIs' on any client that serves real users; loopback entries belong only to local development or native-app clients, and even there they should carry an explicit path rather than stand as a bare origin. Register exact redirect URIs instead of wildcards. Where clients support it, require PKCE, since a leaked authorization code cannot be exchanged without the code verifier, which limits what a successful redirect gains the attacker.