CVE-2024-1132

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. The flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field and requires user interaction within the malicious URL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.