| Field | Value |
| --- | --- |
| Assigner | redhat |
| Reserved | 2024-09-16 |
| Published | 2024-09-19 |
| Updated | 2024-10-30 |
A flaw was found in Keycloak's handling of the 'Valid Redirect URI' client setting. When that setting is http://localhost or http://127.0.0.1, an attacker can craft a redirect_uri that passes Keycloak's validation yet sends the user to an arbitrary, attacker-controlled URL. The authorization code issued in the OAuth/OIDC flow is then delivered to the attacker, potentially leading to session hijacking. Clients that register either of these values should be reviewed, and affected packages updated per the errata listed below.
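The following is an added illustration, not Keycloak's code: it contrasts a deliberately loose redirect_uri matcher (constructed here only to show the failure mode; it is not Keycloak's implementation) with a strict matcher that requires an exact scheme, host, path and query match and relaxes only the port for loopback hosts, as RFC 8252 section 7.3 permits. It also includes a small audit helper over constructed client data that goes slightly beyond the two bare values named in the advisory, flagging any plain-http registration that targets a loopback host. Function names, probe URLs and the sample client list are assumptions for the demo.

```python
"""Added example (not Keycloak's code): strict redirect_uri matching versus a
constructed loose matcher, plus an audit of 'Valid Redirect URI' registrations."""
from urllib.parse import SplitResult, urlsplit

# Hosts for which RFC 8252 section 7.3 permits a variable port in redirect URIs.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def loose_match(registered: str, candidate: str) -> bool:
    """Constructed weak matcher (NOT Keycloak's implementation), used only to
    show the failure mode: a string-prefix test accepts any URL that merely
    begins with the registered value."""
    return candidate.startswith(registered)


def _port_or_none(parts: SplitResult):
    """Explicit port, None if absent, or -1 if not a valid integer port."""
    try:
        return parts.port
    except ValueError:
        return -1


def strict_match(registered: str, candidate: str) -> bool:
    """Accept candidate only if scheme, host, path and query equal the registered
    URI and no fragment is present; the port may differ only for loopback hosts."""
    try:
        reg, cand = urlsplit(registered), urlsplit(candidate)
    except ValueError:
        return False
    if not cand.scheme or not cand.hostname or not reg.hostname:
        return False
    # Userinfo such as http://localhost@attacker.example/ is never legitimate here.
    if cand.username is not None or cand.password is not None:
        return False
    if cand.scheme.lower() != reg.scheme.lower():
        return False
    if cand.hostname != reg.hostname:  # .hostname is already lower-cased
        return False
    cand_port = _port_or_none(cand)
    if cand_port == -1:
        return False
    if cand.hostname not in LOOPBACK_HOSTS and cand_port != _port_or_none(reg):
        return False
    if (cand.path or "/") != (reg.path or "/"):
        return False
    return cand.query == reg.query and cand.fragment == ""


# Constructed probe URLs of the kind an attacker might submit as redirect_uri.
PROBES = [
    "http://localhost/",
    "http://localhost:8080/",
    "http://localhost.attacker.example/",
    "http://localhost@attacker.example/",
    "http://attacker.example/?next=http://localhost",
    "https://localhost/",
]


def compare(registered: str, probes=PROBES) -> dict:
    """Map each probe to (loose_match, strict_match) against the registered URI."""
    return {p: (loose_match(registered, p), strict_match(registered, p)) for p in probes}


def audit_valid_redirect_uris(clients: dict) -> list:
    """Return (client_id, uri) pairs whose registered redirect URI targets a
    loopback host over plain http. Deliberately broader than the two bare values
    named in the advisory: variants with a port or path are flagged too."""
    findings = []
    for client_id, uris in clients.items():
        for uri in uris:
            try:
                parts = urlsplit(uri)
            except ValueError:
                continue
            if parts.scheme.lower() == "http" and parts.hostname in LOOPBACK_HOSTS:
                findings.append((client_id, uri))
    return findings


# Constructed sample of per-client 'Valid Redirect URIs' (not real data).
SAMPLE_CLIENTS = {
    "web-app": ["https://app.example.com/callback"],
    "cli-tool": ["http://localhost", "http://127.0.0.1"],
    "dev-spa": ["http://localhost:3000/*"],
}

if __name__ == "__main__":
    for probe, (loose, strict) in compare("http://localhost").items():
        print(f"{probe:48} loose={loose!s:5} strict={strict}")
    print(audit_valid_redirect_uris(SAMPLE_CLIENTS))
```

Running the script shows that the prefix-style matcher accepts http://localhost.attacker.example/ and http://localhost@attacker.example/, both of which deliver the authorization code to attacker.example, while the strict matcher accepts only the loopback host itself (on any port) and rejects everything else, including a scheme downgrade or upgrade and any candidate carrying userinfo or a fragment.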
CVSS v3.1 base score 6.1 (Medium), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
| Date | Event |
| --- | --- |
| 2024-09-16 | Reported to Red Hat. |
| 2024-09-19 | Made public. |
Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue.
https://access.redhat.com/errata/RHSA-2024:6878 (RHSA-2024:6878)
https://access.redhat.com/errata/RHSA-2024:6879 (RHSA-2024:6879)
https://access.redhat.com/errata/RHSA-2024:6880 (RHSA-2024:6880)
https://access.redhat.com/errata/RHSA-2024:6882 (RHSA-2024:6882)
https://access.redhat.com/errata/RHSA-2024:6886 (RHSA-2024:6886)
https://access.redhat.com/errata/RHSA-2024:6887 (RHSA-2024:6887)
https://access.redhat.com/errata/RHSA-2024:6888 (RHSA-2024:6888)
https://access.redhat.com/errata/RHSA-2024:6889 (RHSA-2024:6889)
https://access.redhat.com/errata/RHSA-2024:6890 (RHSA-2024:6890)
https://access.redhat.com/security/cve/CVE-2024-8883
https://bugzilla.redhat.com/show_bug.cgi?id=2312511 (RHBZ#2312511)