Security
Headlines

Headlines Latest CVEs

Headline

GHSA-9vm7-v8wj-3fqw: keycloak-core: open redirect via "form_post.jwt" JARM response mode

An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from “form_post” to “form_post.jwt” can bypass the security patch implemented to address CVE-2023-6134.

9 months ago

#git #java #auth #maven

GitHub Advisory Database
GitHub Reviewed
GHSA-9vm7-v8wj-3fqw

keycloak-core: open redirect via “form_post.jwt” JARM response mode

Moderate severity GitHub Reviewed Published Jan 22, 2024 in keycloak/keycloak

Package

maven org.keycloak:keycloak-core (Maven)

Affected versions

< 23.0.4

An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from “form_post” to “form_post.jwt” can bypass the security patch implemented to address CVE-2023-6134.

References

GHSA-9vm7-v8wj-3fqw

Published to the GitHub Advisory Database

Jan 23, 2024

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames

14 hours ago

GHSA-c2f5-jxjv-2hh8: Wasmtime doesn't fully sandbox all the Windows device filenames

14 hours ago

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

18 hours ago

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

19 hours ago

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

19 hours ago