CVE-2023-6291

Keycloak: redirect_uri validation bypass

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

Se encontró un fallo en la lógica de validación de redirect_uri en Keycloak. Este problema puede permitir la omisión de hosts permitidos explícitamente. Un ataque exitoso puede provocar el robo de un token de acceso, lo que hace posible que el atacante se haga pasar por otros usuarios.

*Credits: N/A

CVSS Scores

NISTv3.1 7.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-11-24 CVE Reserved
2024-01-26 CVE Published
2024-09-13 EPSS Updated
2024-11-13 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CAPEC

References (14)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2023:7854	2024-02-14
https://access.redhat.com/errata/RHSA-2023:7855	2024-02-14
https://access.redhat.com/errata/RHSA-2023:7856	2024-02-14
https://access.redhat.com/errata/RHSA-2023:7857	2024-02-14
https://access.redhat.com/errata/RHSA-2023:7858	2024-02-14
https://access.redhat.com/errata/RHSA-2023:7860	2024-02-14
https://access.redhat.com/errata/RHSA-2023:7861	2024-02-14
https://access.redhat.com/errata/RHSA-2024:0798	2024-02-14
https://access.redhat.com/errata/RHSA-2024:0799	2024-02-14
https://access.redhat.com/errata/RHSA-2024:0800	2024-02-14
https://access.redhat.com/errata/RHSA-2024:0801	2024-02-14
https://access.redhat.com/errata/RHSA-2024:0804	2024-02-14
https://access.redhat.com/security/cve/CVE-2023-6291	2024-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	2024-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"	4.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.11"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"	4.12 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.12"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Ibm Z Search vendor "Redhat" for product "Openshift Container Platform For Ibm Z"	4.9 Search vendor "Redhat" for product "Openshift Container Platform For Ibm Z" and version "4.9"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Ibm Z Search vendor "Redhat" for product "Openshift Container Platform For Ibm Z"	4.10 Search vendor "Redhat" for product "Openshift Container Platform For Ibm Z" and version "4.10"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Linuxone"	4.9 Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" and version "4.9"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Linuxone"	4.10 Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" and version "4.10"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power"	4.9 Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.9"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power"	4.10 Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.10"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Single Sign-on Search vendor "Redhat" for product "Single Sign-on"	7.6 Search vendor "Redhat" for product "Single Sign-on" and version "7.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Redhat Search vendor "Redhat"	Single Sign-on Search vendor "Redhat" for product "Single Sign-on"	7.6 Search vendor "Redhat" for product "Single Sign-on" and version "7.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Single Sign-on Search vendor "Redhat" for product "Single Sign-on"	7.6 Search vendor "Redhat" for product "Single Sign-on" and version "7.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"	-	Safe
Redhat Search vendor "Redhat"		Keycloak Search vendor "Redhat" for product "Keycloak"				< 22.0.7 Search vendor "Redhat" for product "Keycloak" and version " < 22.0.7"		-		Affected
Redhat Search vendor "Redhat"		Single Sign-on Search vendor "Redhat" for product "Single Sign-on"				-		text-only		Affected
Redhat Search vendor "Redhat"		Migration Toolkit For Applications Search vendor "Redhat" for product "Migration Toolkit For Applications"				6.0 Search vendor "Redhat" for product "Migration Toolkit For Applications" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Migration Toolkit For Applications Search vendor "Redhat" for product "Migration Toolkit For Applications"				7.0 Search vendor "Redhat" for product "Migration Toolkit For Applications" and version "7.0"		-		Affected