CVE-2024-1249
HIGHKeycloak < 22.0.10 - Unauthenticated Denial of Service via OIDC checkLoginIframe Origin Validation Error
Title source: llmDescription
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
References (11)
Core 11
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1864
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1866
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1867
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1868
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2945
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1860
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1861
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1862
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:4057
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-1249
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2262918
Scores
CVSS v3
7.4
EPSS
0.0045
EPSS Percentile
35.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-346
Status
published
Products (27)
org.keycloak/keycloak-services
0 - 22.0.10Maven
Red Hat/Migration Toolkit for Applications 6
Red Hat/Migration Toolkit for Applications 7
Red Hat/Red Hat AMQ Broker 7
Red Hat/Red Hat build of Apicurio Registry 2
Red Hat/Red Hat build of Keycloak 22
22-13
Red Hat/Red Hat build of Keycloak 22
22-16
Red Hat/Red Hat build of Keycloak 22
22.0.10-1
Red Hat/Red Hat build of Keycloak 22.0.10
Red Hat/Red Hat Data Grid 8
... and 17 more
Published
Apr 17, 2024
Tracked Since
Feb 18, 2026