Description
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
Statement
This LOW impact flaw in Red Hat Build of Keycloak allows a highly privileged attacker to perform blind Server-Side Request Forgery (SSRF). By configuring the CIBA backchannel notification endpoint to an internal URL, an attacker can induce Keycloak to send requests to arbitrary internal services. Exploitation requires administrative access or a valid Initial Access Token to configure client settings.
Mitigation
To mitigate this issue, restrict administrative access to Keycloak instances. Ensure that only trusted and authorized personnel have the necessary privileges to configure client settings, including the backchannel_client_notification_endpoint. This limits the ability of an attacker to manipulate the endpoint for SSRF attacks.
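The description above blames insufficient validation of the client-configured endpoint. As an added illustration of what that validation looks like (this is example code written for this page, not Keycloak's own implementation), the check below refuses a backchannel_client_notification_endpoint that is not https, that carries credentials, or whose host is a literal or resolves to a loopback, private, link-local or otherwise non-routable address. The hostnames and the resolver table are constructed for the demonstration; the `validate_notification_endpoint` and `is_internal_address` names are the example's own.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def _normalize(addr):
    """Unmap IPv4-mapped IPv6 literals (::ffff:10.0.0.5) so they are judged as IPv4."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_internal_address(ip_text):
    """True if the server must never be induced to send a request to this address."""
    addr = _normalize(ipaddress.ip_address(ip_text))
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def _system_resolve(host):
    """Default resolver: every A/AAAA answer for the name, via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_notification_endpoint(url, resolve=_system_resolve):
    """Return (accepted, reason) for a client-supplied backchannel notification URL.

    Every address the host resolves to is checked, because a public-looking
    name may carry an internal address among its answers.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    host = parts.hostname  # lower-cased, IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    if host == "localhost" or host.endswith(".localhost"):
        return False, "local hostname"
    try:
        ipaddress.ip_address(host)      # literal IP: no lookup needed
        candidates = [host]
    except ValueError:
        try:
            candidates = resolve(host)
        except OSError:
            candidates = []
        if not candidates:
            return False, "host does not resolve"
    for ip_text in candidates:
        if is_internal_address(ip_text):
            return False, "target %s is an internal address" % ip_text
    return True, "ok"


# Constructed resolver table for an offline run; not real DNS data.
# 8.8.8.8 is only a stand-in for "some public address" here.
DEMO_DNS = {
    "notify.client.example": ["8.8.8.8"],
    "lookalike.client.example": ["8.8.8.8", "10.0.0.5"],  # second answer is internal
}


def demo_resolve(host):
    return DEMO_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in (
        "https://notify.client.example/cb",
        "https://lookalike.client.example/cb",
        "https://[::1]:8443/notify",
        "https://169.254.169.254/latest/meta-data/",
        "https://[::ffff:10.0.0.5]/notify",
        "http://notify.client.example/cb",
    ):
        print(candidate, "->", validate_notification_endpoint(candidate, resolve=demo_resolve))
```

Two caveats for anyone adopting such a check: the name is resolved at configuration time, so the same address test must also be applied at connection time (on the socket address actually used) or the result can change between the two; and the check complements, rather than replaces, restricting who may edit client settings, since the configured value is still set by an administrator-level principal.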
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Build of Keycloak | rhbk/keycloak-operator-bundle | Fix deferred | | |
| Red Hat Build of Keycloak | rhbk/keycloak-rhel9 | Fix deferred | | |
| Red Hat Build of Keycloak | rhbk/keycloak-rhel9-operator | Fix deferred | | |
Additional information
EPSS
2.7 Low
CVSS3
Related vulnerabilities
Keycloak Server-Side Request Forgery (SSRF) vulnerability