PT-2024-39298 · Red Hat+1 · Keycloak+1

Karsten Meyer Zu Selhausen +1 · Published 2024-09-19 · Updated 2025-11-01 · CVE-2024-8883

CVSS v4.0: 7.7 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: A misconfiguration flaw was found in Keycloak, allowing an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1. This enables sensitive information, such as authorization codes, to be exposed to the attacker, potentially leading to session hijacking.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
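A defender-side check for the misconfiguration described above, as an added example that is not part of this advisory or of the Keycloak project: it scans a Keycloak realm export for clients whose Valid Redirect URIs point at http://localhost or http://127.0.0.1. The input shape (a top-level "clients" list with "clientId" and "redirectUris") follows Keycloak's realm export JSON; the sample realm is constructed for this demonstration.

```python
"""Flag Keycloak clients whose Valid Redirect URIs use localhost or 127.0.0.1.

Added example, not the advisory's or the Keycloak project's own code. The
sample realm export below is constructed; the field names follow Keycloak's
realm export format.
"""
import json
from urllib.parse import urlsplit

# Hosts the advisory names as the risky 'Valid Redirect URI' values.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}


def is_loopback_redirect(uri: str) -> bool:
    """True if a redirect URI resolves to localhost or 127.0.0.1 (any port/path).

    Keycloak allows a trailing '*' wildcard, so it is stripped before parsing;
    a scheme-less value is prefixed with '//' so urlsplit still finds the host.
    """
    candidate = uri.rstrip("*")
    if "://" not in candidate:
        candidate = "//" + candidate
    host = urlsplit(candidate).hostname  # lower-cased, port already removed
    return host in LOOPBACK_HOSTS


def find_loopback_redirects(realm_export: dict) -> dict[str, list[str]]:
    """Map clientId -> offending redirect URIs for every client in the export."""
    findings: dict[str, list[str]] = {}
    for client in realm_export.get("clients", []):
        bad = [u for u in client.get("redirectUris", []) if is_loopback_redirect(u)]
        if bad:
            findings[client.get("clientId", "<unnamed>")] = bad
    return findings


# Constructed sample realm export (not real data).
SAMPLE_REALM = json.loads("""
{
  "realm": "demo",
  "clients": [
    {"clientId": "web-app", "redirectUris": ["https://app.example.com/callback"]},
    {"clientId": "dev-tool", "redirectUris": ["http://localhost:8080/*", "https://dev.example.com/cb"]},
    {"clientId": "cli", "redirectUris": ["http://127.0.0.1/*"]}
  ]
}
""")

if __name__ == "__main__":
    for client_id, uris in find_loopback_redirects(SAMPLE_REALM).items():
        print(f"{client_id}: {', '.join(uris)}")
```

Run it against a real export (`kc.sh export` or the admin console's export) and treat every hit as a client whose redirect list should be tightened to the exact production URIs.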

Weakness Enumeration: Open Redirect

Related Identifiers

ALT-PU-2025-13422
ALT-PU-2025-2871
CVE-2024-8883
GHSA-VVF8-2H68-9475
GHSA-W8GR-XWP4-R9F7
RHSA-2024:10386
RHSA-2024:6878
RHSA-2024:6879
RHSA-2024:6880
RHSA-2024:8823
RHSA-2024:8824

Affected Products

Alt Linux
Keycloak