A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
History

Tue, 17 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-17T13:22:48.335Z

Updated: 2024-12-23T10:59:39.192Z

Reserved: 2024-02-06T06:20:24.574Z

Link: CVE-2024-1249

cve-icon Vulnrichment

Updated: 2024-08-01T18:33:25.533Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-17T14:15:08.160

Modified: 2024-11-21T08:50:09.153

Link: CVE-2024-1249

cve-icon Redhat

Severity : Important

Publid Date: 2024-04-16T00:00:00Z

Links: CVE-2024-1249 - Bugzilla