GHSA-3p75-q5cc-qmj7: Keycloak Open Redirect vulnerability
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt", and it could be used to bypass the security patch implemented to address CVE-2023-6134.
Moderate severity • GitHub Reviewed • Published Dec 19, 2023 to the GitHub Advisory Database • Updated Dec 19, 2023
Related news
Red Hat Security Advisory 2024-0804-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0801-03 - A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0800-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0799-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0798-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0101-03 - Red Hat build of Keycloak 22.0.8 is now available from the Customer Portal. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0100-03 - A security update is now available for Red Hat build of Keycloak 22.0.8 images running on OpenShift Container Platform. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0098-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0097-03 - A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0096-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0095-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0094-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include an open redirection vulnerability.