Description

A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.

INFO

Published Date :

2024-04-17T13:23:34.652Z

Last Modified :

2025-11-11T15:15:55.748Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-2419 vulnerability.

Vendors Products
Redhat
  • Build Keycloak

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact