Description

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.

INFO

Published Date :

2024-04-17T13:21:19.130Z

Last Modified :

2026-03-17T20:52:47.238Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-1132 vulnerability.

Vendors Products
Redhat
  • Amq Broker
  • Build Keycloak
  • Build Of Keycloak
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Bpms Platform
  • Jboss Enterprise Brms Platform
  • Jboss Fuse
  • Jboss Middleware Text-only Advisories
  • Keycloak
  • Migration Toolkit Applications
  • Migration Toolkit For Applications
  • Migration Toolkit For Runtimes
  • Migration Toolkit Runtimes
  • Openshift Container Platform
  • Openshift Container Platform For Ibm Z
  • Openshift Container Platform For Linuxone
  • Openshift Container Platform For Power
  • Quarkus
  • Red Hat Single Sign On
  • Rhosemc
  • Service Registry
  • Single Sign-on

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact