First published: Mon Sep 16 2024
A misconfiguration flaw was found in Keycloak. If a client's 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, an attacker can redirect users to an arbitrary URL, exposing sensitive information such as authorization codes to the attacker and potentially leading to session hijacking.
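The defensive counterpart to the advisory above is an audit that flags any client whose 'Valid Redirect URIs' contain a loopback entry. The script below is an added example, not code from the advisory, Red Hat or the Keycloak project; it assumes the realm export JSON layout Keycloak produces (a top-level "clients" list whose entries carry "clientId" and "redirectUris"), uses constructed sample data, and generalises slightly beyond the two hosts the advisory names by treating all of 127.0.0.0/8, ::1 and *.localhost as loopback.

```python
"""Audit a Keycloak realm export for loopback 'Valid Redirect URIs'."""
import ipaddress
import json
from urllib.parse import urlsplit


def _is_loopback_host(host: str) -> bool:
    """localhost, *.localhost, 127.0.0.0/8 and ::1 all count as loopback."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a regular hostname, not an IP literal
        return False


def is_loopback_redirect(uri: str) -> bool:
    """True if a redirect URI entry points at a loopback host, any scheme or port."""
    # Keycloak permits a trailing '*' wildcard; drop it so the URL parses cleanly.
    parts = urlsplit(uri.rstrip("*"))
    host = parts.hostname  # lower-cased; IPv6 brackets already stripped
    return host is not None and _is_loopback_host(host)


def audit_realm(realm: dict) -> list[tuple[str, str]]:
    """Return (clientId, redirectUri) pairs that allow a loopback redirect."""
    findings = []
    for client in realm.get("clients", []):
        for uri in client.get("redirectUris", []):
            if is_loopback_redirect(uri):
                findings.append((client.get("clientId", "?"), uri))
    return findings


def audit_export(json_text: str) -> list[tuple[str, str]]:
    """Same audit over the raw JSON text of a realm export (assumed layout)."""
    return audit_realm(json.loads(json_text))


# Constructed sample export (not real data); only "clients" matters here.
SAMPLE_REALM = {
    "realm": "demo",
    "clients": [
        {"clientId": "web-app", "redirectUris": ["https://app.example.com/callback"]},
        {"clientId": "dev-client", "redirectUris": ["http://localhost:3000/*", "/relative/cb"]},
        {"clientId": "cli-tool", "redirectUris": ["http://127.0.0.1/*"]},
        {"clientId": "legacy", "redirectUris": ["http://[::1]:8080/cb"]},
    ],
}

if __name__ == "__main__":
    for client_id, uri in audit_realm(SAMPLE_REALM):
        print(f"{client_id}: loopback redirect URI {uri!r} should be removed")
```

Run it against a real export (`audit_export(open("realm-export.json").read())`) and treat every finding as a redirect URI to remove or replace with the exact production callback URL.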
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Build Of Keycloak | | |
| Redhat Openshift Container Platform | =4.11 | |
| Redhat Openshift Container Platform | =4.12 | |
| Redhat Openshift Container Platform For Ibm Z | =4.9 | |
| Redhat Openshift Container Platform For Ibm Z | =4.10 | |
| Redhat Openshift Container Platform For Linuxone | =4.9 | |
| Redhat Openshift Container Platform For Linuxone | =4.10 | |
| Redhat Openshift Container Platform For Power | =4.9 | |
| Redhat Openshift Container Platform For Power | =4.10 | |
| Redhat Single Sign-on | | |
| Redhat Single Sign-on | =7.6 | |
| maven/org.keycloak:keycloak-services | <25.0.6 | 25.0.6 |