Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8883

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

Published

2024-09-19T16:15:06.403

Last Modified

2024-11-26T19:15:32.253

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	build_of_keycloak	-	Yes
Application	redhat	openshift_container_platform	4.11	Yes
Application	redhat	openshift_container_platform	4.12	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.9	Yes
Application	redhat	openshift_container_platform_for_ibm_z	4.10	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.9	Yes
Application	redhat	openshift_container_platform_for_linuxone	4.10	Yes
Application	redhat	openshift_container_platform_for_power	4.9	Yes
Application	redhat	openshift_container_platform_for_power	4.10	Yes
Application	redhat	single_sign-on	-	Yes
Application	redhat	single_sign-on	7.6	Yes

References

https://access.redhat.com/errata/RHSA-2024:10385 ([email protected])
https://access.redhat.com/errata/RHSA-2024:10386 ([email protected])
https://access.redhat.com/errata/RHSA-2024:6878 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:6879 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:6880 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:6882 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:6886 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:6887 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:6888 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:6889 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:6890 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:8823 ([email protected])
https://access.redhat.com/errata/RHSA-2024:8824 ([email protected])
https://access.redhat.com/errata/RHSA-2024:8826 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-8883 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2312511 Issue Tracking, Vendor Advisory ([email protected])
https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java Product ([email protected])