2 matches found
Cross-Site Request Forgery (CSRF)
org.keycloak, keycloak-services is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to inadequate validation of cross-origin messages in Keycloak's OIDC component's "checkLoginIframe," allowing attackers to exploit Cross-Site Request Forgery (CSRF) attacks...
PT-2024-17623 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: A flaw was found in Keycloak's OIDC component in the checkLoginIframe, which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of request...