Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-9vm7-v8wj-3fqw: keycloak-core: open redirect via "form_post.jwt" JARM response mode

An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from “form_post” to “form_post.jwt” can bypass the security patch implemented to address CVE-2023-6134.

ghsa
#git#java#auth#maven
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-9vm7-v8wj-3fqw

keycloak-core: open redirect via “form_post.jwt” JARM response mode

Moderate severity GitHub Reviewed Published Jan 22, 2024 in keycloak/keycloak

Package

maven org.keycloak:keycloak-core (Maven)

Affected versions

< 23.0.4

An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from “form_post” to “form_post.jwt” can bypass the security patch implemented to address CVE-2023-6134.

References

  • GHSA-9vm7-v8wj-3fqw

Published to the GitHub Advisory Database

Jan 23, 2024

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames