A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request that bypasses validation and gains access to other URLs and sensitive information within the domain, or that serves as a stepping stone for further attacks. This flaw affects any client that uses a wildcard in the Valid Redirect URIs field, and exploitation requires a user to interact with the malicious URL.
2024-04-17T14:15:07.953
2025-06-30T13:58:57.033
Analyzed
CVSSv3.1: 8.1 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | redhat | build_of_keycloak | - | Yes |
Application | redhat | jboss_middleware_text-only_advisories | 1.0 | Yes |
Application | redhat | keycloak | < 22.0.10 | Yes |
Application | redhat | keycloak | < 24.0.3 | Yes |
Application | redhat | migration_toolkit_for_applications | 1.0 | Yes |
Application | redhat | migration_toolkit_for_runtimes | - | Yes |
Application | redhat | openshift_container_platform | 4.11 | Yes |
Application | redhat | openshift_container_platform | 4.12 | Yes |
Application | redhat | openshift_container_platform_for_ibm_z | 4.9 | Yes |
Application | redhat | openshift_container_platform_for_ibm_z | 4.10 | Yes |
Application | redhat | openshift_container_platform_for_linuxone | 4.9 | Yes |
Application | redhat | openshift_container_platform_for_linuxone | 4.10 | Yes |
Application | redhat | openshift_container_platform_for_power | 4.9 | Yes |
Application | redhat | openshift_container_platform_for_power | 4.10 | Yes |
Application | redhat | single_sign-on | - | Yes |
Application | redhat | single_sign-on | 7.6 | Yes |
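Because the affected condition is a client configuration (a wildcard in Valid Redirect URIs) rather than a single code path, the practical defender check is an audit of the realm's client definitions. The script below is an added example written for this page, not Keycloak's or Red Hat's own code. It assumes the structure of a Keycloak realm export (a top-level `clients` array whose entries carry `clientId` and `redirectUris`), uses a constructed sample export rather than a real realm, and applies its own severity heuristic (bare `*` and wildcarded scheme or host are worst, an entire-origin wildcard next, a path-prefix wildcard lowest); the severity labels are the author's assumption, not Keycloak's classification.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a Keycloak realm export (only the fields this audit
# reads). The realm, client IDs and hostnames are made up for the example.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "demo",
    "clients": [
        {"clientId": "account-console",
         "redirectUris": ["https://sso.example.test/realms/demo/account/*"]},
        {"clientId": "billing-app",
         "redirectUris": ["https://billing.example.test/callback"]},
        {"clientId": "legacy-portal", "redirectUris": ["*"]},
        {"clientId": "mobile",
         "redirectUris": ["myapp://callback", "https://m.example.test/*"]},
        {"clientId": "service-account", "redirectUris": []},
    ],
})


def classify_redirect_uri(uri):
    """Assign a heuristic severity to one Valid Redirect URI entry.

    Returns "ok" for an exact URI, otherwise "medium", "high" or "critical"
    depending on how much of the URL the trailing wildcard leaves open.
    """
    if "*" not in uri:
        return "ok"
    if uri == "*":
        return "critical"            # any redirect target at all is accepted
    if not uri.endswith("*"):
        return "high"                # wildcard inside the URL (e.g. host part)
    base = uri[:-1]
    if base.startswith("/"):
        return "medium"              # relative path prefix on the Keycloak host
    parts = urlsplit(base)
    if not parts.scheme or not parts.netloc:
        return "critical"            # scheme or host itself is wildcarded
    if parts.path in ("", "/"):
        return "high"                # every path on that origin is accepted
    return "medium"                  # path-prefix wildcard under a fixed host


def audit_realm_export(realm_json):
    """Return (clientId, redirectUri, severity) for every wildcard entry."""
    findings = []
    realm = json.loads(realm_json)
    for client in realm.get("clients", []):
        for uri in client.get("redirectUris", []):
            severity = classify_redirect_uri(uri)
            if severity != "ok":
                findings.append((client["clientId"], uri, severity))
    return findings


def summarize(findings):
    """Count findings per severity so a report can be sorted by urgency."""
    counts = {"critical": 0, "high": 0, "medium": 0}
    for _, _, severity in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    results = audit_realm_export(SAMPLE_REALM_EXPORT)
    for client_id, uri, severity in results:
        print(f"{severity:8} {client_id:16} {uri}")
    print(summarize(results))
```

Run it against a real export by replacing `SAMPLE_REALM_EXPORT` with the contents of the realm JSON; anything reported as critical or high is a candidate for tightening to an exact redirect URI, which is also the configuration state the advisory text says is unaffected.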