PT-2024-20311 · Red Hat · Keycloak

Patrick Del Bello · Published 2024-04-17 · Updated 2024-04-17 · CVE-2024-2419

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: A flaw was found in Keycloak's redirect URI validation logic, which may allow a bypass of otherwise explicitly allowed hosts. This issue could lead to the theft of an access token, enabling an attacker to impersonate other users.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
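The defensive point behind this entry is that a redirect URI must be compared against the client's registered values as a whole (scheme, host, port and path), not by a looser host or prefix rule. The following is an added illustration of such a strict check; it is not Keycloak's own validation code, and the registered redirect URIs and the sample inputs are constructed for the example.

```python
"""Strict redirect_uri validation (illustrative example, not Keycloak's code)."""
from typing import Optional, Set
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the redirect URIs registered for a hypothetical client.
REGISTERED_REDIRECT_URIS = {
    "https://app.example.com/callback",
    "https://app.example.com:8443/callback",
}

DEFAULT_PORTS = {"https": 443, "http": 80}


def canonicalize(uri: str) -> Optional[str]:
    """Return a canonical form of `uri` (lowercase scheme and host, default
    port dropped, empty path mapped to "/"), or None if the URI may not be
    used as a redirect target at all (unknown scheme, userinfo, fragment,
    missing host, unparsable port)."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # userinfo never belongs in a registered redirect target
    if parts.fragment:
        return None  # RFC 6749 does not allow a fragment in a redirect URI
    host = parts.hostname
    if not host:
        return None
    try:
        port = parts.port
    except ValueError:
        return None  # non-numeric port
    if ":" in host:  # IPv6 literal: restore the brackets urlsplit removed
        host = f"[{host}]"
    netloc = host.lower()
    if port is not None and port != DEFAULT_PORTS[scheme]:
        netloc = f"{netloc}:{port}"
    path = parts.path or "/"
    return urlunsplit((scheme, netloc, path, parts.query, ""))


def is_allowed_redirect(uri: str, registered: Set[str] = REGISTERED_REDIRECT_URIS) -> bool:
    """Exact-match check: the canonical form of `uri` must equal the canonical
    form of one registered redirect URI. No host suffix, prefix or wildcard
    matching is performed."""
    candidate = canonicalize(uri)
    if candidate is None:
        return False
    allowed = {canonicalize(r) for r in registered}
    allowed.discard(None)
    return candidate in allowed


if __name__ == "__main__":
    for sample in (
        "https://app.example.com/callback",
        "HTTPS://APP.EXAMPLE.COM:443/callback",
        "https://other.example.com/callback",
        "http://app.example.com/callback",
    ):
        print(f"{sample!r}: {is_allowed_redirect(sample)}")
```

Only canonicalization that cannot change the target (case of scheme and host, an explicit default port) is applied before the comparison; everything else, including a different path or port, is rejected, which is the behaviour an allow-list of hosts is meant to guarantee.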

Weakness Enumeration

Origin Validation Error
Open Redirect

Related Identifiers

CVE-2024-2419
GHSA-MRV8-PQFJ-7GP5

Affected Products

Keycloak