Description

A misconfiguration flaw was found in Keycloak's redirect URI validation. If a client's 'Valid Redirect URIs' setting contains http://localhost or http://127.0.0.1, an attacker can cause the authorization server to redirect users to an arbitrary URL, so sensitive values such as the authorization code are delivered to the attacker instead of the legitimate client, potentially leading to session hijacking. A practical check: audit every realm client for bare loopback entries in Valid Redirect URIs, remove them from web clients (loopback redirects are only meant for native or CLI clients that open a local listener), register exact URIs instead of wildcards, and apply the vendor fix.
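The following is an added illustration, not Keycloak's code and not the exact check Keycloak used: it puts a deliberately permissive redirect_uri matcher (a string-prefix comparison, which is the kind of mistake that lets a loopback allow-list entry match attacker hosts) next to a strict, component-wise matcher that only relaxes the port for http loopback URIs, as RFC 8252 section 7.3 allows for native apps. The function names, the registered URIs and the attacker URLs are constructed for the example.

```python
"""Strict vs. permissive redirect_uri matching for an OAuth 2.0 / OIDC authorization server.

Added example (not Keycloak's implementation). It models the flaw class the advisory
describes: a loopback entry such as "http://localhost" in the allow-list being honoured
so loosely that non-loopback hosts are accepted.
"""
from urllib.parse import urlsplit

# Loopback hosts for which RFC 8252 section 7.3 lets a native app pick the port at runtime.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def permissive_is_allowed(redirect_uri: str, registered: list[str]) -> bool:
    """Hypothetical weak check: accept any redirect_uri that starts with a registered value.

    With "http://localhost" registered, this also accepts
    "http://localhost.attacker.example/cb" (subdomain) and
    "http://localhost@attacker.example/cb" (userinfo trick), so the authorization
    code is delivered to an attacker-controlled host.
    """
    return any(redirect_uri.startswith(reg) for reg in registered)


def _normalized(uri: str):
    """Split a URI into (scheme, host, port, path, query); None if the port is invalid."""
    parts = urlsplit(uri)
    try:
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    # hostname is lower-cased and has IPv6 brackets stripped; empty path means "/"
    return parts.scheme, parts.hostname, port, parts.path or "/", parts.query


def strict_is_allowed(redirect_uri: str, registered: list[str]) -> bool:
    """Exact match on scheme, host, path and query; port exact except for http loopback URIs."""
    req = urlsplit(redirect_uri)
    # Reject anything that can smuggle a different host or leak the code: userinfo,
    # fragments, or schemes other than plain http(s).
    if req.scheme not in ("http", "https") or req.username is not None or req.fragment:
        return False
    norm = _normalized(redirect_uri)
    if norm is None or not norm[1]:
        return False
    scheme, host, port, path, query = norm
    for reg in registered:
        r = _normalized(reg)
        if r is None:
            continue
        r_scheme, r_host, r_port, r_path, r_query = r
        if (scheme, host, path, query) != (r_scheme, r_host, r_path, r_query):
            continue
        # The port may vary only when the registered URI is an http loopback URI.
        if port == r_port or (r_scheme == "http" and r_host in LOOPBACK_HOSTS):
            return True
    return False


if __name__ == "__main__":
    allow = ["http://localhost"]
    for uri in ("http://localhost:51234/", "http://localhost.attacker.example/cb"):
        print(uri, "permissive:", permissive_is_allowed(uri, allow),
              "strict:", strict_is_allowed(uri, allow))
```

Running the module shows the permissive matcher accepting the attacker subdomain while the strict matcher accepts only the genuine loopback listener on its runtime port; the same strict logic also rejects a changed port, an added query string, or a fragment on an ordinary web client's registered URI, which is the exact-match behaviour the OAuth 2.0 Security BCP calls for.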

INFO

Published Date : 2024-09-19T15:48:28.468Z

Last Modified : 2026-04-01T13:27:25.248Z

Source : redhat

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-8883 vulnerability.

Vendor: Redhat

Products:
  • Build Keycloak
  • Build Of Keycloak
  • Jboss Enterprise Application Platform
  • Openshift Container Platform
  • Openshift Container Platform For Ibm Z
  • Openshift Container Platform For Linuxone
  • Openshift Container Platform For Power
  • Red Hat Single Sign On
  • Rhosemc
  • Single Sign-on

CVSS Vulnerability Scoring System

Vector components (the score chart and the per-metric values are not present on this page): Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact.