A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Sep 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-17T13:21:19.130Z
Updated: 2024-12-20T13:25:17.780Z
Reserved: 2024-01-31T17:07:33.455Z
Link: CVE-2024-1132
Vulnrichment
Updated: 2024-08-01T18:26:30.564Z
NVD
Status : Awaiting Analysis
Published: 2024-04-17T14:15:07.953
Modified: 2024-11-21T08:49:52.017
Link: CVE-2024-1132
Redhat