CVE-2024-1249
CVSS V2 None
CVSS V3 None
Description
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
Overview
- CVE ID
- CVE-2024-1249
- Assigner
- redhat
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-04-17T13:22:48.335Z
- Last Modified Date
- 2024-06-24T05:12:07.583Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:1860 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1861 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1862 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1864 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1866 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1867 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1868 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:2945 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:4057 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-1249 | vdb-entry x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262918 | issue-tracking x_refsource_REDHAT |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-1249 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1249 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 05:31:02 | Added to TrackCVE |