CVE-2024-1249

HIGH

Org.keycloak Keycloak-services < 22.0.10 - Origin Validation Error


Description

A flaw was found in the "checkLoginIframe" of Keycloak's OIDC component, which accepts cross-origin messages without validating their origin. Because incoming messages are not checked for a trusted origin, attackers can use simple code to coordinate and send millions of requests in seconds, significantly impacting the application's availability.

Scores

CVSS v3 7.4
EPSS 0.0017
EPSS Percentile 37.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-346
Status published
Products (27)
org.keycloak/keycloak-services 0 - 22.0.10 (Maven)
Red Hat/Migration Toolkit for Applications 6
Red Hat/Migration Toolkit for Applications 7
Red Hat/Red Hat AMQ Broker 7
Red Hat/Red Hat build of Apicurio Registry 2
Red Hat/Red Hat build of Keycloak 22 22-13
Red Hat/Red Hat build of Keycloak 22 22-16
Red Hat/Red Hat build of Keycloak 22 22.0.10-1
Red Hat/Red Hat build of Keycloak 22.0.10
Red Hat/Red Hat Data Grid 8
... and 17 more
Published Apr 17, 2024
Tracked Since Feb 18, 2026