CVE-2024-1132
HIGHKeycloak >=21.1.0 <22.0.10 - Open Redirect via Wildcard Valid Redirect URIs
Title source: llmDescription
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
References (14)
Core 14
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1860
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1861
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1862
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1864
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1866
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1867
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1868
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2945
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3752
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3762
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3919
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3989
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-1132
Issue Tracking, Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2262117
Scores
CVSS v3
8.1
EPSS
0.0033
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (40)
org.keycloak/keycloak-services
0 - 22.0.10Maven
Red Hat/Migration Toolkit for Runtimes 1 on RHEL 8
1.2-14
Red Hat/Migration Toolkit for Runtimes 1 on RHEL 8
1.2-15
Red Hat/Migration Toolkit for Runtimes 1 on RHEL 8
1.2-16
Red Hat/Migration Toolkit for Runtimes 1 on RHEL 8
1.2-23
Red Hat/MTA-6.2-RHEL-9
6.2.3-2
Red Hat/Red Hat AMQ Broker 7
Red Hat/Red Hat build of Apicurio Registry 2
Red Hat/Red Hat build of Keycloak 22
22-13
Red Hat/Red Hat build of Keycloak 22
22-16
... and 30 more
Published
Apr 17, 2024
Tracked Since
Feb 18, 2026