CVSS3 base score: 6 (Medium)
AI Score: 7 (High), confidence: High
EPSS: 0.0004 (Low), percentile: 10.4%

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | HIGH |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | LOW |
Vector string | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:).
Because the POST binding delivers the assertion through an HTML form whose action is the ACS URL, a javascript: URI accepted as that URL is evaluated in the context of the embedding origin when the form is submitted.
Special thanks to Lauritz Holtmann for reporting this issue and helping us improve our project.
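The root cause above is a missing scheme check on an operator-supplied URL that later becomes a form action. The following is an added illustration (not Keycloak's code; function names and sample values are constructed) contrasting a permissive check that accepts any non-empty string with a hardened one that allow-lists http(s) and requires a host, plus the POST-binding form renderer that refuses to emit anything else:

```python
import html
from urllib.parse import urlsplit

# Schemes a SAML Assertion Consumer Service URL may use (allow-list).
ALLOWED_SCHEMES = {"http", "https"}

def permissive_acs_check(raw: str) -> bool:
    """Pre-fix style check (constructed): any non-empty string passes,
    so a javascript: URI is stored and later used as the form's action."""
    return bool(raw and raw.strip())

def validate_acs_url(raw: str) -> tuple[bool, str]:
    """Hardened check: absolute http(s) URL with a host, nothing else.
    Returns (ok, reason) so callers can log why a value was refused."""
    url = (raw or "").strip()
    if not url:
        return False, "empty"
    # Tabs/newlines inside the scheme can confuse naive parsers; reject them.
    if any(ord(ch) < 0x20 for ch in url):
        return False, "control characters"
    parts = urlsplit(url)  # lowercases the scheme for us
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme or '(none)'}"
    if not parts.hostname:
        return False, "missing host"
    return True, "ok"

def render_post_binding_form(acs_url: str, saml_response_b64: str) -> str:
    """Build the auto-submitting HTML form used by the SAML POST binding.
    HTML-escaping the attribute alone does not help: 'javascript:...' is a
    perfectly valid attribute value, so the scheme must be rejected first."""
    ok, reason = validate_acs_url(acs_url)
    if not ok:
        raise ValueError(f"refusing ACS URL: {reason}")
    return (
        f'<form method="post" action="{html.escape(acs_url, quote=True)}">'
        f'<input type="hidden" name="SAMLResponse" '
        f'value="{html.escape(saml_response_b64, quote=True)}">'
        "</form><script>document.forms[0].submit()</script>"
    )
```

The same allow-list should be applied wherever the ACS URL enters the system (admin console, admin REST API, SP metadata import), not only at render time.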
CPE | Name | Operator | Version |
---|---|---|---|
 | org.keycloak:keycloak-services | ge | 23.0.0 |
 | org.keycloak:keycloak-services | lt | 24.0.3 |
 | org.keycloak:keycloak-services | lt | 22.0.10 |
access.redhat.com/errata/RHSA-2024:1867
access.redhat.com/errata/RHSA-2024:1868
access.redhat.com/errata/RHSA-2024:2945
access.redhat.com/errata/RHSA-2024:4057
access.redhat.com/security/cve/CVE-2023-6717
bugzilla.redhat.com/show_bug.cgi?id=2253952
github.com/advisories/GHSA-8rmm-gm28-pj8q
github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q
nvd.nist.gov/vuln/detail/CVE-2023-6717