Keycloak: reflected xss via wildcard in oidc redirect_uri
CVE-2023-6134

4.6MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Keycloak 22; Red Hat Build Of Keycloak 22.0.7; Red Hat Single Sign-on 7.0; Red Hat Single Sign-on 7.6 For Rhel 7
Vendor: CVE Published:; 14 December 2023

Summary

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

Affected Version(s)

Red Hat build of Keycloak 22 22.0.7-1

Red Hat build of Keycloak 22 22-6

Red Hat build of Keycloak 22 22-9

References

https://access.redhat.com/errata/RHSA-2023:7854

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2023:7855

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2023:7856

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 14, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Lauritz Holtmann (https://security.lauritz-holtmann.de/) for reporting this issue.