Description
Keycloak path traversal vulnerability in the redirect validation
An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.
Packages
org.keycloak:keycloak-services
  Affected versions: < 22.0.10
  Patched version: 22.0.10
org.keycloak:keycloak-services
  Affected versions: >= 23.0.0, < 24.0.3
  Patched version: 24.0.3
Related vulnerabilities
A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.