A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
History

Wed, 18 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-17T13:21:19.130Z

Updated: 2024-12-20T13:25:17.780Z

Reserved: 2024-01-31T17:07:33.455Z

Link: CVE-2024-1132

cve-icon Vulnrichment

Updated: 2024-08-01T18:26:30.564Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-17T14:15:07.953

Modified: 2024-11-21T08:49:52.017

Link: CVE-2024-1132

cve-icon Redhat

Severity : Important

Publid Date: 2024-04-16T00:00:00Z

Links: CVE-2024-1132 - Bugzilla