Lucene search
GitHub Advisory DatabaseGHSA-MRV8-PQFJ-7GP5HistoryApr 17, 2024 - 5:31 p.m.
Keycloak path traversal vulnerability in the redirect validation
2024-04-1717:31:12
CWE-346
CWE-601
GitHub Advisory Database
github.com
18
keycloak
path traversal
vulnerability
redirect validation
bypass
allowed hosts
software
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.6%
An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.
Affected configurations
Node
org.keycloak\keycloakMatchservices
ORorg.keycloak\keycloakMatchservices
ORorg.keycloak\keycloakMatchservices
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.keycloak:keycloak-services | ge | 23.0.0 | |
| org.keycloak:keycloak-services | lt | 24.0.3 | |
| org.keycloak:keycloak-services | lt | 22.0.10 |
Related
veracode
veracode
Path Traversal
2024-04-18 05:23:34
osv
osv
Keycloak path traversal vulnerability in the redirect validation
2024-04-17 17:31:12
cgr
cgr
CVE-2024-2419 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-2419 vulnerabilities
2024-06-25 15:33:25
cve
cve
CVE-2024-2419
2024-04-17 14:15:08
redhatcve
redhatcve
CVE-2024-2419
2024-04-17 13:02:42
nvd
nvd
CVE-2024-2419
2024-04-17 14:15:08
cvelist
cvelist
CVE-2024-2419 Keycloak: path traversal in the redirect validation
2024-04-17 13:23:34
redhat
redhat
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.6%
Related for GHSA-MRV8-PQFJ-7GP5