A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
History

Wed, 13 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-26T14:23:43.185Z

Updated: 2024-12-13T16:31:00.657Z

Reserved: 2023-11-24T18:16:45.923Z

Link: CVE-2023-6291

cve-icon Vulnrichment

Updated: 2024-08-02T08:28:21.867Z

cve-icon NVD

Status : Modified

Published: 2024-01-26T15:15:08.280

Modified: 2024-11-21T08:43:32.587

Link: CVE-2023-6291

cve-icon Redhat

Severity : Important

Publid Date: 2023-12-14T00:00:00Z

Links: CVE-2023-6291 - Bugzilla