CVSS3 base score: 7.4 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

AI Score: 7.2 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 13.1%)
The org.keycloak:keycloak-services package is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to inadequate validation of cross-origin messages in the "checkLoginIframe" of Keycloak's OIDC component, which allows attackers to carry out CSRF attacks.
CPE | Name | Operator | Version |
---|---|---|---|
| keycloak rest services | le | 24.0.2 |
access.redhat.com/errata/RHSA-2024:1860
access.redhat.com/errata/RHSA-2024:1861
access.redhat.com/errata/RHSA-2024:1862
access.redhat.com/errata/RHSA-2024:1864
access.redhat.com/errata/RHSA-2024:1866
access.redhat.com/errata/RHSA-2024:1867
access.redhat.com/errata/RHSA-2024:1868
access.redhat.com/errata/RHSA-2024:2945
access.redhat.com/errata/RHSA-2024:4057
access.redhat.com/security/cve/CVE-2024-1249
bugzilla.redhat.com/show_bug.cgi?id=2262918
github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8