Vulnerability Details CVE-2024-8883
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 88.5%
CVSS Severity
CVSS v3 Score 6.1
References
- https://access.redhat.com/errata/RHSA-2024:10385
- https://access.redhat.com/errata/RHSA-2024:10386
- https://access.redhat.com/errata/RHSA-2024:6878
- https://access.redhat.com/errata/RHSA-2024:6879
- https://access.redhat.com/errata/RHSA-2024:6880
- https://access.redhat.com/errata/RHSA-2024:6882
- https://access.redhat.com/errata/RHSA-2024:6886
- https://access.redhat.com/errata/RHSA-2024:6887
- https://access.redhat.com/errata/RHSA-2024:6888
- https://access.redhat.com/errata/RHSA-2024:6889
- https://access.redhat.com/errata/RHSA-2024:6890
- https://access.redhat.com/errata/RHSA-2024:8823
- https://access.redhat.com/errata/RHSA-2024:8824
- https://access.redhat.com/errata/RHSA-2024:8826
- https://access.redhat.com/security/cve/CVE-2024-8883
- https://bugzilla.redhat.com/show_bug.cgi?id=2312511
- https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
Products affected by CVE-2024-8883
-
cpe:2.3:a:redhat:build_of_keycloak:-
-
cpe:2.3:a:redhat:openshift_container_platform:4.11
-
cpe:2.3:a:redhat:openshift_container_platform:4.12
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10
-
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10
-
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10
-
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9
-
cpe:2.3:a:redhat:single_sign-on:-
-
cpe:2.3:a:redhat:single_sign-on:7.6