Lucene search

Veracode Vulnerability DatabaseVERACODE:46492

HistoryApr 18, 2024 - 4:12 a.m.

Open Redirect

2024-04-1804:12:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

open redirect

inadequate validation

sensitive information

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

org.keycloak, keycloak-services is vulnerable to Open Redirect. The vulnerability is due to inadequate validation of URLs included in redirects, potentially allowing attackers to access other URLs and sensitive information within the domain or conduct further attacks.

CPENameOperatorVersion
keycloak rest servicesle24.0.2
keycloak commonle24.0.2
keycloak rest servicesle24.0.2
keycloak commonle24.0.2

Name	Operator	Version
keycloak rest services	le	24.0.2
keycloak common	le	24.0.2
keycloak rest services	le	24.0.2
keycloak common	le	24.0.2

References

access.redhat.com/errata/RHSA-2024:1860

access.redhat.com/errata/RHSA-2024:1861

access.redhat.com/errata/RHSA-2024:1862

access.redhat.com/errata/RHSA-2024:1864

access.redhat.com/errata/RHSA-2024:1866

access.redhat.com/errata/RHSA-2024:1867

access.redhat.com/errata/RHSA-2024:1868

access.redhat.com/errata/RHSA-2024:2945

access.redhat.com/security/cve/CVE-2024-1132

bugzilla.redhat.com/show_bug.cgi?id=2262117

github.com/keycloak/keycloak/commit/4ffb69ecefce155f297d3bb9f6ecc8fa8600d308

github.com/keycloak/keycloak/commit/e310604cf61561a81d53529c8b59e4177d81c736

github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm