First published: Wed Apr 17 2024
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks. This flaw affects any client that uses a wildcard in the Valid Redirect URIs field.

#### Acknowledgements:

Special thanks to Axel Flamcourt for reporting this issue and helping us improve our project.
| Affected Software | Affected Version | Fixed Version |
|---|---|---|
| maven/org.keycloak:keycloak-services | >=23.0.0, <24.0.3 | 24.0.3 |
| maven/org.keycloak:keycloak-services | <22.0.10 | 22.0.10 |
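As an added illustration (not Keycloak's code, and not a description of the reported bypass), the following Python matcher shows the defensive shape of wildcard redirect-URI validation: a trailing `/*` is treated as a path prefix only after scheme, host and port have been normalized, and inputs that commonly defeat plain string-prefix checks (userinfo, fragments, dot segments, encoded separators, backslashes) are rejected outright. The registered entries and candidate URLs are constructed for this example.

```python
from typing import List, Optional
from urllib.parse import urlsplit, SplitResult

# Default ports so "https://host" and "https://host:443" compare equal.
_DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed registered entries: one wildcard client, one exact client.
REGISTERED = ["https://app.example.com/*", "https://admin.example.com/login"]


def _normalize(url: str) -> Optional[SplitResult]:
    """Parse a URL into a comparable form, or None if it cannot be trusted."""
    if "\\" in url:  # backslashes are parsed inconsistently across stacks
        return None
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in _DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None or parts.fragment:
        return None  # userinfo can mask the real host; fragments never belong here
    try:
        port = parts.port or _DEFAULT_PORTS[scheme]
    except ValueError:  # non-numeric or out-of-range port
        return None
    path = parts.path or "/"
    if any(tok in path.lower() for tok in ("%2f", "%2e", "%5c")):
        return None  # encoded separators/dots would survive a naive prefix check
    if any(seg in (".", "..") for seg in path.split("/")):
        return None  # dot segments change the effective path after resolution
    return SplitResult(scheme, f"{parts.hostname.lower()}:{port}", path, parts.query, "")


def is_allowed_redirect(candidate: str, registered: List[str]) -> bool:
    """True only if candidate matches a registered URI exactly or by /* path prefix."""
    cand = _normalize(candidate)
    if cand is None:
        return False
    for pattern in registered:
        wildcard = pattern.endswith("/*")
        base = pattern[:-1] if wildcard else pattern  # keep the trailing "/"
        reg = _normalize(base)
        if reg is None or "*" in base:
            continue  # malformed entry or wildcard anywhere but the end: ignore it
        if (cand.scheme, cand.netloc) != (reg.scheme, reg.netloc):
            continue  # scheme, host and port must match exactly, wildcard or not
        if wildcard and cand.path.startswith(reg.path):
            return True
        if not wildcard and (cand.path, cand.query) == (reg.path, reg.query):
            return True
    return False
```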