CVE-2024-1132 Information

Apr 18, 2024 cve

Description

A flaw was found in Keycloak where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field and requires user interaction within the malicious URL.

Reference

https://access.redhat.com/errata/RHSA-2024:1868 https://access.redhat.com/security/cve/CVE-2024-1132 https://bugzilla.redhat.com/show_bug.cgi?id=2262117 https://access.redhat.com/errata/RHSA-2024:1860 https://access.redhat.com/errata/RHSA-2024:1861 https://access.redhat.com/errata/RHSA-2024:1862 https://access.redhat.com/errata/RHSA-2024:1864 https://access.redhat.com/errata/RHSA-2024:1866 https://access.redhat.com/errata/RHSA-2024:1867

Share on: