Lucene search
RedhatCVELIST:CVE-2024-1249HistoryApr 17, 2024 - 1:22 p.m.
CVE-2024-1249 Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos
2024-04-1713:22:48
CWE-346
redhat
www.cve.org
5
keycloak
oidc
cross-origin messages
ddos
availability
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
EPSS
0
Percentile
13.0%
A flaw was found in Keycloak’s OIDC component in the “checkLoginIframe,” which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application’s availability without proper origin validation for incoming messages.
CNA Affected
[
{
"versions": [
{
"status": "affected",
"version": "21.1.0",
"lessThan": "22.0.10",
"versionType": "semver"
},
{
"status": "affected",
"version": "23.0.0",
"lessThan": "24.0.3",
"versionType": "semver"
}
],
"packageName": "keycloak",
"collectionURL": "https://github.com/keycloak/keycloak",
"defaultStatus": "unaffected"
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rhbk/keycloak-operator-bundle",
"defaultStatus": "affected",
"versions": [
{
"version": "22.0.10-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rhbk/keycloak-rhel9",
"defaultStatus": "affected",
"versions": [
{
"version": "22-13",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rhbk/keycloak-rhel9-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "22-16",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22.0.10",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"cpes": [
"cpe:/a:redhat:build_keycloak:22"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss AMQ Broker 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"cpes": [
"cpe:/a:redhat:amq_broker:7.12"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rh-sso7-keycloak",
"defaultStatus": "affected",
"versions": [
{
"version": "0:18.0.13-1.redhat_00001.1.el7sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rh-sso7-keycloak",
"defaultStatus": "affected",
"versions": [
{
"version": "0:18.0.13-1.redhat_00001.1.el8sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rh-sso7-keycloak",
"defaultStatus": "affected",
"versions": [
{
"version": "0:18.0.13-1.redhat_00001.1.el9sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
]
},
{
"vendor": "Red Hat",
"product": "RHEL-8 based Middleware Containers",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rh-sso-7/sso76-openshift-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "7.6-46",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-operator-bundle",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-rhel8-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-swf-builder-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/logic-swf-devmode-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHSSO 7.6.8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Applications 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "mta/mta-ui-rhel9",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:6"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Applications 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "mta/mta-ui-rhel9",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Apicurio Registry",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:service_registry:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Data Grid 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Decision Manager 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_brms_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Developer Hub",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "rhdh-hub-container",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:rhdh:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Data Grid 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-sso7_2-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-sso7_3-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-sso7_4-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-sso7_5-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "org.keycloak-keycloak-parent",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "rh-sso7-keycloak",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Process Automation 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "streams for Apache Kafka",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:amq_streams:1"
]
}
]References
access.redhat.com/errata/RHSA-2024:1860
access.redhat.com/errata/RHSA-2024:1861
access.redhat.com/errata/RHSA-2024:1862
access.redhat.com/errata/RHSA-2024:1864
access.redhat.com/errata/RHSA-2024:1866
access.redhat.com/errata/RHSA-2024:1867
access.redhat.com/errata/RHSA-2024:1868
access.redhat.com/errata/RHSA-2024:2945
access.redhat.com/errata/RHSA-2024:4057
access.redhat.com/security/cve/CVE-2024-1249
bugzilla.redhat.com/show_bug.cgi?id=2262918
Related
osv
osv
CGA-h38j-5xg3-x5v6
2024-06-06 12:27:36
CGA-vrqx-gvvc-7hch
2024-06-06 12:29:36
vulnrichment
vulnrichment
cgr
cgr
CVE-2024-1249 vulnerabilities
2024-05-19 03:07:16
github
github
veracode
veracode
Cross-Site Request Forgery (CSRF)
2024-04-18 04:19:15
redhatcve
redhatcve
CVE-2024-1249
2024-04-17 13:02:45
wolfi
wolfi
CVE-2024-1249 vulnerabilities
2024-09-27 09:13:12
nvd
nvd
CVE-2024-1249
2024-04-17 14:15:08
cve
cve
CVE-2024-1249
2024-04-17 14:15:08
redhat
redhat
nessus
nessus
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
EPSS
0
Percentile
13.0%
Related for CVELIST:CVE-2024-1249