Description
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request that bypasses validation and gains access to other URLs and sensitive information within the domain, or to conduct further attacks. This flaw affects any client that uses a wildcard in the Valid Redirect URIs field, and it requires a user to interact with the malicious URL.
Problem types
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
21.1.0 (semver) before 22.0.10
23.0.0 (semver) before 24.0.3
1.2-23 (rpm) before *
1.2-15 (rpm) before *
1.2-16 (rpm) before *
1.2-14 (rpm) before *
6.2.3-2 (rpm) before *
22.0.10-1 (rpm) before *
22-13 (rpm) before *
22-16 (rpm) before *
0:18.0.13-1.redhat_00001.1.el7sso (rpm) before *
0:18.0.13-1.redhat_00001.1.el8sso (rpm) before *
0:18.0.13-1.redhat_00001.1.el9sso (rpm) before *
7.6-46 (rpm) before *
Timeline
| 2024-01-31: | Reported to Red Hat. |
| 2024-04-16: | Made public. |
Credits
Red Hat would like to thank Axel Flamcourt for reporting this issue.
References
access.redhat.com/errata/RHSA-2024:1860 (RHSA-2024:1860)
access.redhat.com/errata/RHSA-2024:1861 (RHSA-2024:1861)
access.redhat.com/errata/RHSA-2024:1862 (RHSA-2024:1862)
access.redhat.com/errata/RHSA-2024:1864 (RHSA-2024:1864)
access.redhat.com/errata/RHSA-2024:1866 (RHSA-2024:1866)
access.redhat.com/errata/RHSA-2024:1867 (RHSA-2024:1867)
access.redhat.com/errata/RHSA-2024:1868 (RHSA-2024:1868)
access.redhat.com/errata/RHSA-2024:2945 (RHSA-2024:2945)
access.redhat.com/errata/RHSA-2024:3752 (RHSA-2024:3752)
access.redhat.com/errata/RHSA-2024:3762 (RHSA-2024:3762)
access.redhat.com/errata/RHSA-2024:3919 (RHSA-2024:3919)
access.redhat.com/errata/RHSA-2024:3989 (RHSA-2024:3989)
access.redhat.com/security/cve/CVE-2024-1132
bugzilla.redhat.com/show_bug.cgi?id=2262117 (RHBZ#2262117)