Veracode Vulnerability DatabaseVERACODE:46492Open Redirect
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
org.keycloak, keycloak-services is vulnerable to Open Redirect. The vulnerability is due to inadequate validation of URLs included in redirects, potentially allowing attackers to access other URLs and sensitive information within the domain or conduct further attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| keycloak rest services | le | 24.0.2 | |
| keycloak common | le | 24.0.2 | |
| keycloak rest services | le | 24.0.2 | |
| keycloak common | le | 24.0.2 |
References
access.redhat.com/errata/RHSA-2024:1860
access.redhat.com/errata/RHSA-2024:1861
access.redhat.com/errata/RHSA-2024:1862
access.redhat.com/errata/RHSA-2024:1864
access.redhat.com/errata/RHSA-2024:1866
access.redhat.com/errata/RHSA-2024:1867
access.redhat.com/errata/RHSA-2024:1868
access.redhat.com/errata/RHSA-2024:2945
access.redhat.com/errata/RHSA-2024:3752
access.redhat.com/errata/RHSA-2024:3762
access.redhat.com/errata/RHSA-2024:3919
access.redhat.com/errata/RHSA-2024:3989
access.redhat.com/security/cve/CVE-2024-1132
bugzilla.redhat.com/show_bug.cgi?id=2262117
github.com/keycloak/keycloak/commit/4ffb69ecefce155f297d3bb9f6ecc8fa8600d308
github.com/keycloak/keycloak/commit/e310604cf61561a81d53529c8b59e4177d81c736
github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%