REDHAT-BUG-2251407
First published: Fri Nov 24 2023(Updated: )
An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts. The problem arises in the verifyRedirectUri method, which attempts to enforce rules on user-controllable input, but essentially causes a desynchronization in how Keycloak and browsers interpret URLs. Keycloak, for example, receives "<a href="https://www%2ekeycloak%2eorg%2fapp%2f:y@example.com">https://www%2ekeycloak%2eorg%2fapp%2f:y@example.com</a>" and thinks the authority to be keycloak.org when it is actually example.com. This happens because the validation logic is performed on a URL decoded version, which no longer represents the original input. Refer: <a href="https://github.com/keycloak/keycloak/pull/24819">https://github.com/keycloak/keycloak/pull/24819</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Build of Keycloak |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www%2ekeycloak%2eorg%2fapp%2f:y@example.com
- https://github.com/keycloak/keycloak/pull/24819
- https://access.redhat.com/errata/RHSA-2023:7855
- https://access.redhat.com/errata/RHSA-2023:7856
- https://access.redhat.com/errata/RHSA-2023:7854
- https://access.redhat.com/errata/RHSA-2023:7858
- https://access.redhat.com/errata/RHSA-2023:7860
- https://access.redhat.com/errata/RHSA-2023:7857
- https://access.redhat.com/errata/RHSA-2023:7861
- https://access.redhat.com/errata/RHSA-2024:0799
- https://access.redhat.com/errata/RHSA-2024:0800
- https://access.redhat.com/errata/RHSA-2024:0798
- https://access.redhat.com/errata/RHSA-2024:0801
- https://access.redhat.com/errata/RHSA-2024:0804
- https://bugzilla.redhat.com/show_bug.cgi?id=2251407
Frequently Asked Questions
What is the severity of REDHAT-BUG-2251407?
The severity of REDHAT-BUG-2251407 is considered high due to the potential for unauthorized redirection.
How do I fix REDHAT-BUG-2251407?
To fix REDHAT-BUG-2251407, update your installation of Red Hat Keycloak to the latest version where the vulnerability has been addressed.
What is the impact of REDHAT-BUG-2251407?
The impact of REDHAT-BUG-2251407 includes the possibility for an attacker to bypass protection mechanisms for allowed hosts.
What versions of Keycloak are affected by REDHAT-BUG-2251407?
Versions of Red Hat Keycloak that can be impacted by REDHAT-BUG-2251407 are those prior to the patched release.
Is REDHAT-BUG-2251407 publicly disclosed?
Yes, REDHAT-BUG-2251407 has been publicly disclosed in Red Hat's bug tracking system.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/description
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-6291
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat build of keycloak