PT-2024-17623 · Red Hat · Keycloak

Tej Rathi

Published

2024-04-17

Updated

2025-07-08

CVE-2024-1249

CVSS v3.1

7.4

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw was found in Keycloak's OIDC component in the checkLoginIframe, which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

CVE-2024-1249

GHSA-M6Q9-P373-G5Q8

RHSA-2024:1860

RHSA-2024:1861

RHSA-2024:1862

RHSA-2025:9582

RHSA-2025:9583

Affected Products

Keycloak

PT-2024-17623 · Red Hat · Keycloak

CVE-2024-1249

Weakness Enumeration

Related Identifiers

Affected Products

References · 28