An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
History

Tue, 01 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Thu, 26 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat build Of Keycloak
Redhat keycloak
CPEs cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Vendors & Products Redhat build Of Keycloak
Redhat keycloak

Wed, 18 Sep 2024 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:build_keycloak:22 cpe:/a:redhat:build_keycloak:24

Mon, 09 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 09 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
Description An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
Title Keycloak-core: open redirect on account page
First Time appeared Redhat
Redhat build Keycloak
Weaknesses CWE-601
CPEs cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:build_keycloak:24::el9
Vendors & Products Redhat
Redhat build Keycloak
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-09T18:49:59.437Z

Updated: 2024-11-24T18:42:30.535Z

Reserved: 2024-07-30T02:24:02.197Z

Link: CVE-2024-7260

cve-icon Vulnrichment

Updated: 2024-09-09T19:13:37.589Z

cve-icon NVD

Status : Modified

Published: 2024-09-09T19:15:14.033

Modified: 2024-10-01T14:15:06.553

Link: CVE-2024-7260

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-09T13:55:00Z

Links: CVE-2024-7260 - Bugzilla