Description

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

INFO

Published Date :

2024-04-17T13:22:48.335Z

Last Modified :

2026-04-30T13:00:08.198Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-1249 vulnerability.

Vendors Products
Redhat
  • Amq Broker
  • Amq Streams
  • Build Keycloak
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Bpms Platform
  • Jboss Enterprise Brms Platform
  • Jboss Fuse
  • Jbosseapxp
  • Migration Toolkit Applications
  • Openshift Serverless
  • Red Hat Single Sign On
  • Rhdh
  • Rhosemc
  • Service Registry

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact