Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-6291

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

Published

2024-01-26T15:15:08.280

Last Modified

2024-11-21T08:43:32.587

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-601
Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	keycloak	< 22.0.7	Yes
Application	redhat	single_sign-on	-	Yes
Application	redhat	openshift_container_platform	4.11	Yes
Application	redhat	openshift_container_platform	4.12	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.9	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.10	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.9	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.10	Yes
Application	redhat	openshift_container_platform_for_power	4.9	Yes
Application	redhat	openshift_container_platform_for_power	4.10	Yes
Operating System	redhat	enterprise_linux	8.0	No
Application	redhat	single_sign-on	7.6	Yes
Operating System	redhat	enterprise_linux	7.0	No
Operating System	redhat	enterprise_linux	8.0	No
Operating System	redhat	enterprise_linux	9.0	No
Application	redhat	migration_toolkit_for_applications	6.0	Yes
Application	redhat	migration_toolkit_for_applications	7.0	Yes

References

https://access.redhat.com/errata/RHSA-2023:7854 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7855 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7856 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7857 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7858 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7860 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7861 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:0798 ([email protected])
https://access.redhat.com/errata/RHSA-2024:0799 ([email protected])
https://access.redhat.com/errata/RHSA-2024:0800 ([email protected])
https://access.redhat.com/errata/RHSA-2024:0801 ([email protected])
https://access.redhat.com/errata/RHSA-2024:0804 ([email protected])
https://access.redhat.com/security/cve/CVE-2023-6291 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2251407 Issue Tracking, Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7854 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7855 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7856 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7857 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7858 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7860 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7861 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0798 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0799 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0800 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0801 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0804 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-6291 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2251407 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)