Headline
GHSA-vvf8-2h68-9475: Keycloak Open Redirect vulnerability
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a ‘Valid Redirect URI’ is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Keycloak Open Redirect vulnerability
Moderate severity GitHub Reviewed Published Sep 19, 2024 to the GitHub Advisory Database • Updated Sep 19, 2024
Related news
Red Hat Security Advisory 2024-6890-03 - New Red Hat build of Keycloak 24.0.8 packages with security impact Important are available from the Customer Portal. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6889-03 - New images with security impact Important are available for Red Hat build of Keycloak 24.0.8 and Red Hat build of Keycloak 24.0.8 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6888-03 - New Red Hat build of Keycloak 22.0.13 packages with security impact Important are available from the Customer Portal. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6887-03 - New images with security impact Important are available for Red Hat build of Keycloak 22.0.13 and Red Hat build of Keycloak 22.0.13 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6886-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6882-03 - A new image is available for Red Hat Single Sign-On 7.6.11, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6880-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6879-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6878-03 - New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include a privilege escalation vulnerability.