Lucene search

GitHub Advisory DatabaseGHSA-72VP-XFRC-42XM

HistoryApr 17, 2024 - 6:25 p.m.

Keycloak path traversal vulnerability in redirection validation

2024-04-1718:25:08

CWE-22

GitHub Advisory Database

github.com

keycloak

path transversal

redirection validation

malicious request

sensitive information

wildcard

axel flamcourt

vulnerability

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

Acknowledgements:

Special thanks to Axel Flamcourt for reporting this issue and helping us improve our project.

Affected configurations

Vulners

Node

org.keycloakkeycloak-servicesRange23.0.0–24.0.3

org.keycloakkeycloak-servicesRange<22.0.10

VendorProductVersionCPE
org.keycloakkeycloak-services*cpe:2.3:a:org.keycloak:keycloak-services:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.keycloak	keycloak-services	*	cpe:2.3:a:org.keycloak:keycloak-services::::::::

References

access.redhat.com/errata/RHSA-2024:1860

access.redhat.com/errata/RHSA-2024:1861

access.redhat.com/errata/RHSA-2024:1862

access.redhat.com/errata/RHSA-2024:1864

access.redhat.com/errata/RHSA-2024:1866

access.redhat.com/errata/RHSA-2024:1867

access.redhat.com/errata/RHSA-2024:1868

access.redhat.com/errata/RHSA-2024:2945

access.redhat.com/errata/RHSA-2024:3752

access.redhat.com/errata/RHSA-2024:3762

access.redhat.com/errata/RHSA-2024:3919

access.redhat.com/errata/RHSA-2024:3989

access.redhat.com/security/cve/CVE-2024-1132

bugzilla.redhat.com/show_bug.cgi?id=2262117

github.com/advisories/GHSA-72vp-xfrc-42xm

github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm

nvd.nist.gov/vuln/detail/CVE-2024-1132

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for GHSA-72VP-XFRC-42XM