Security
Headlines

Headlines Latest CVEs

Headline

GHSA-w8gr-xwp4-r9f7: Vulnerable Redirect URI Validation Results in Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a ‘Valid Redirect URI’ is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

21 days ago

#git #java #auth #maven

GitHub Advisory Database
GitHub Reviewed
GHSA-w8gr-xwp4-r9f7

Vulnerable Redirect URI Validation Results in Open Redirect

Moderate severity GitHub Reviewed Published Oct 14, 2024 in keycloak/keycloak • Updated Oct 14, 2024

Package

maven org.keycloak:keycloak-services (Maven)

Affected versions

<= 22.0.12

>= 23.0.0, <= 24.0.7

>= 25.0.0, <= 25.0.5

Patched versions

22.0.13

24.0.8

25.0.6

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a ‘Valid Redirect URI’ is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

References

GHSA-w8gr-xwp4-r9f7

Published to the GitHub Advisory Database

Oct 14, 2024

Last updated

Oct 14, 2024

ghsa: Latest News

GHSA-g5vw-3h65-2q3v: Access control vulnerable to user data deletion by anonynmous users

12 hours ago

GHSA-3hxg-fxwm-8gf7: CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes

12 hours ago

GHSA-82j3-hf72-7x93: Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)

12 hours ago

GHSA-29wx-vh33-7x7r: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations

12 hours ago

GHSA-7vm6-qwh5-9x44: loona-hpack Panic Vulnerability

12 hours ago