Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information
CVE-2024-8883

6.1MEDIUM

Key Information:

Status
Red Hat Build Of Keycloak
Red Hat Build Of Keycloak 22
Red Hat Build Of Keycloak 24
Vendor
CVE Published:
19 September 2024

What is CVE-2024-8883?

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2024:10385
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10386
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6878
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue.
JSON
.