Lucene search
GoogleOSV:GHSA-MRV8-PQFJ-7GP5HistoryApr 17, 2024 - 5:31 p.m.
Keycloak path traversal vulnerability in the redirect validation
2024-04-1717:31:12
Google
osv.dev
13
keycloak
path traversal
vulnerability
redirect validation
bypass
allowed hosts
software
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%
An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.
Related
veracode
veracode
Path Traversal
2024-04-18 05:23:34
cgr
cgr
CVE-2024-2419 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-2419 vulnerabilities
2024-06-25 15:33:25
github
github
Keycloak path traversal vulnerability in the redirect validation
2024-04-17 17:31:12
cve
cve
CVE-2024-2419
2024-04-17 14:15:08
redhatcve
redhatcve
CVE-2024-2419
2024-04-17 13:02:42
nvd
nvd
CVE-2024-2419
2024-04-17 14:15:08
cvelist
cvelist
CVE-2024-2419 Keycloak: path traversal in the redirect validation
2024-04-17 13:23:34
redhat
redhat
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%
Related for OSV:GHSA-MRV8-PQFJ-7GP5