A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
History

Wed, 09 Jul 2025 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

Tue, 08 Jul 2025 14:30:00 +0000


Wed, 25 Jun 2025 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus
References

Tue, 17 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-17T13:22:48.335Z

Updated: 2025-07-08T13:39:08.380Z

Reserved: 2024-02-06T06:20:24.574Z

Link: CVE-2024-1249

cve-icon Vulnrichment

Updated: 2024-08-01T18:33:25.533Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-17T14:15:08.160

Modified: 2025-07-08T14:15:24.283

Link: CVE-2024-1249

cve-icon Redhat

Severity : Important

Publid Date: 2024-04-16T00:00:00Z

Links: CVE-2024-1249 - Bugzilla