CVE-2024-8883

CVSS V2 None CVSS V3 None

Description

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

Overview

CVE ID
CVE-2024-8883

Assigner
redhat

Vulnerability Status
PUBLISHED

Published Version
2024-09-19T15:48:28.468Z

Last Modified Date
2024-09-19T19:49:20.694Z

Weakness Enumerations

CWE	URL
CWE-601	http://cwe.mitre.org/data/definitions/601.html

References

Reference URL	Reference Tags
https://access.redhat.com/errata/RHSA-2024:6878	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6879	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6880	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6882	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6886	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6887	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6888	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6889	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6890	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8883	vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2312511	issue-tracking x_refsource_REDHAT
https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-8883
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8883

History

Created	Old Value	New Value	Data Type	Notes
2024-10-06 05:13:03				Added to TrackCVE