Keycloak: xss via assertion consumer service url in saml post-binding flow

CVE-2023-6717

6MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Build Of Keycloak 22; Red Hat Build Of Keycloak 22.0.10; Red Hat Jboss A-MQ 7; Rhoss-1.33-rhel-8
Vendor: CVE Published:; 25 April 2024

Summary

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

Affected Version(s)

Red Hat build of Keycloak 22 <= 22.0.10-1

Red Hat build of Keycloak 22 <= 22-13

Red Hat build of Keycloak 22 <= 22-16

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: null to: 6 - (MEDIUM)
May 8, 2024
Vulnerability published.
Apr 25, 2024
Reported to Red Hat.
Dec 11, 2023

Collectors

NVD DatabaseMitre Database