org.keycloak, keycloak-services is vulnerable to Open Redirect. The vulnerability is due to inadequate validation of URLs included in redirects, potentially allowing attackers to access other URLs and sensitive information within the domain or conduct further attacks.
Name | Operator | Version
---|---|---
keycloak rest services | le | 24.0.2
keycloak common | le | 24.0.2
access.redhat.com/errata/RHSA-2024:1860
access.redhat.com/errata/RHSA-2024:1861
access.redhat.com/errata/RHSA-2024:1862
access.redhat.com/errata/RHSA-2024:1864
access.redhat.com/errata/RHSA-2024:1866
access.redhat.com/errata/RHSA-2024:1867
access.redhat.com/errata/RHSA-2024:1868
access.redhat.com/errata/RHSA-2024:2945
access.redhat.com/security/cve/CVE-2024-1132
bugzilla.redhat.com/show_bug.cgi?id=2262117
github.com/keycloak/keycloak/commit/4ffb69ecefce155f297d3bb9f6ecc8fa8600d308
github.com/keycloak/keycloak/commit/e310604cf61561a81d53529c8b59e4177d81c736
github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm