CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
17.0%
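A flaw was found in Keycloak: it does not properly validate the URLs included in a redirect. An attacker could construct a malicious request that bypasses this validation to reach other URLs and sensitive information within the domain, or to conduct further attacks. The flaw affects any client that uses a wildcard in the Valid Redirect URIs field, and exploitation requires a user to interact with the malicious URL. For upstream Keycloak, the affected-version data below marks 21.1.0 up to (but not including) 22.0.10 and 23.0.0 up to (but not including) 24.0.3 as affected; auditing clients for wildcard entries in Valid Redirect URIs identifies where the stated condition applies.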
[
{
"versions": [
{
"status": "affected",
"version": "21.1.0",
"lessThan": "22.0.10",
"versionType": "semver"
},
{
"status": "affected",
"version": "23.0.0",
"lessThan": "24.0.3",
"versionType": "semver"
}
],
"packageName": "keycloak",
"collectionURL": "https://github.com/keycloak/keycloak",
"defaultStatus": "unaffected"
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Runtimes 1 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mtr/mtr-operator-bundle",
"defaultStatus": "affected",
"versions": [
{
"version": "1.2-23",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Runtimes 1 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mtr/mtr-rhel8-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "1.2-15",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Runtimes 1 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mtr/mtr-web-container-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.2-16",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Runtimes 1 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mtr/mtr-web-executor-container-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.2-14",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "MTA-6.2-RHEL-9",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mta/mta-windup-addon-rhel9",
"defaultStatus": "affected",
"versions": [
{
"version": "6.2.3-2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:6.2::el9",
"cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rhbk/keycloak-operator-bundle",
"defaultStatus": "affected",
"versions": [
{
"version": "22.0.10-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rhbk/keycloak-rhel9",
"defaultStatus": "affected",
"versions": [
{
"version": "22-13",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rhbk/keycloak-rhel9-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "22-16",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22.0.10",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"cpes": [
"cpe:/a:redhat:build_keycloak:22"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss AMQ Broker 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"cpes": [
"cpe:/a:redhat:amq_broker:7.10"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss AMQ Broker 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"cpes": [
"cpe:/a:redhat:amq_broker:7.11"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss AMQ Broker 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"cpes": [
"cpe:/a:redhat:amq_broker:7.12"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rh-sso7-keycloak",
"defaultStatus": "affected",
"versions": [
{
"version": "0:18.0.13-1.redhat_00001.1.el7sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rh-sso7-keycloak",
"defaultStatus": "affected",
"versions": [
{
"version": "0:18.0.13-1.redhat_00001.1.el8sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rh-sso7-keycloak",
"defaultStatus": "affected",
"versions": [
{
"version": "0:18.0.13-1.redhat_00001.1.el9sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
]
},
{
"vendor": "Red Hat",
"product": "RHEL-8 based Middleware Containers",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rh-sso-7/sso76-openshift-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "7.6-46",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHSSO 7.6.8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Apicurio Registry",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:service_registry:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "org.keycloak/keycloak-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:quarkus:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Data Grid 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "org.wildfly.security-wildfly-elytron-parent",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Decision Manager 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_brms_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Data Grid 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Process Automation 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
]
}
]
access.redhat.com/errata/RHSA-2024:1860
access.redhat.com/errata/RHSA-2024:1861
access.redhat.com/errata/RHSA-2024:1862
access.redhat.com/errata/RHSA-2024:1864
access.redhat.com/errata/RHSA-2024:1866
access.redhat.com/errata/RHSA-2024:1867
access.redhat.com/errata/RHSA-2024:1868
access.redhat.com/errata/RHSA-2024:2945
access.redhat.com/errata/RHSA-2024:3752
access.redhat.com/errata/RHSA-2024:3762
access.redhat.com/errata/RHSA-2024:3919
access.redhat.com/errata/RHSA-2024:3989
access.redhat.com/security/cve/CVE-2024-1132
bugzilla.redhat.com/show_bug.cgi?id=2262117