A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-17T13:22:48.335Z
Updated: 2024-12-23T10:59:39.192Z
Reserved: 2024-02-06T06:20:24.574Z
Link: CVE-2024-1249
Vulnrichment
Updated: 2024-08-01T18:33:25.533Z
NVD
Status : Awaiting Analysis
Published: 2024-04-17T14:15:08.160
Modified: 2024-11-21T08:50:09.153
Link: CVE-2024-1249
Redhat