CVE-2023-6717
Keycloak: XSS via Assertion Consumer Service URL in SAML POST-binding flow
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
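As an added illustration (not Keycloak's code or its actual fix), a scheme allowlist of the kind that closes this class of flaw: a client's ACS POST-binding URL is accepted only when it is an absolute http(s) URL with a host, so a javascript: or data: value never reaches the action attribute of the auto-submitted POST form. The sample registration payload at the bottom is constructed.

```python
"""Allowlist validation for SAML Assertion Consumer Service (ACS) URLs.

Constructed example: a check an IdP admin console could apply when a client
registers its POST-binding ACS URL, so only http(s) endpoints are accepted.
"""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def acs_url_is_safe(url: str) -> bool:
    """Return True only for an absolute http(s) URL with a host.

    Rejects javascript:, data: and other non-navigational schemes,
    scheme-relative URLs, and values containing whitespace or control
    characters that could survive into the POST form's action attribute.
    """
    if not isinstance(url, str) or not url:
        return False
    # Leading/trailing whitespace and control characters are how naive
    # scheme checks get bypassed by browsers ("\tjavascript:..."), so
    # refuse them outright instead of normalising them.
    if url != url.strip() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)          # lowercases the scheme for us
    except ValueError:                 # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    return bool(parts.netloc) and bool(parts.hostname)


def validate_client_acs_urls(urls):
    """Split a client's registered ACS URLs into (accepted, rejected)."""
    accepted = [u for u in urls if acs_url_is_safe(u)]
    rejected = [u for u in urls if not acs_url_is_safe(u)]
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample registration payload, not data from the advisory.
    sample = [
        "https://sp.example.com/saml/acs",
        "http://localhost:8080/saml/acs",
        "javascript:void(0)",
        "JavaScript:void(0)",
        " javascript:void(0)",
        "data:text/html,hello",
        "//sp.example.com/saml/acs",
    ]
    ok, bad = validate_client_acs_urls(sample)
    print("accepted:", ok)
    print("rejected:", bad)
```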
SSVC
- Decision: Track*
Timeline
- 2023-12-12 CVE Reserved
- 2024-04-25 CVE Published
- 2024-06-24 EPSS Updated
- 2025-01-10 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (7)
URL | Date
---|---
https://access.redhat.com/errata/RHSA-2024:1867 | 2024-06-24
https://access.redhat.com/errata/RHSA-2024:1868 | 2024-06-24
https://access.redhat.com/errata/RHSA-2024:2945 | 2024-06-24
https://access.redhat.com/errata/RHSA-2024:4057 | 2024-06-24
https://access.redhat.com/security/cve/CVE-2023-6717 | 2024-06-24
https://bugzilla.redhat.com/show_bug.cgi?id=2253952 | 2024-06-24
https://access.redhat.com/errata/RHSA-2024:1353 | 2025-01-10
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redhat | Amq | * | - | Affected
Redhat | Amq Broker | * | - | Affected
Redhat | Build Keycloak | * | - | Affected
Redhat | Build Of Keycloak | * | - | Affected
Redhat | Build Of Quarkus | * | - | Affected
Redhat | Data Grid | * | - | Affected
Redhat | Decision Manager | * | - | Affected
Redhat | Jboss Data Grid | * | - | Affected
Redhat | Jboss Enterprise Application Platform | * | - | Affected
Redhat | Jboss Enterprise Bpms Platform | * | - | Affected
Redhat | Jboss Enterprise Brms Platform | * | - | Affected
Redhat | Jboss Fuse | * | - | Affected
Redhat | Jbosseapxp | * | - | Affected
Redhat | Migration Toolkit | * | - | Affected
Redhat | Migration Toolkit Applications | * | - | Affected
Redhat | Openshift Gitops | * | - | Affected
Redhat | Openshift Serverless | * | - | Affected
Redhat | Process Automation | * | - | Affected
Redhat | Quarkus | * | - | Affected
Redhat | Red Hat Single Sign On | * | - | Affected
Redhat | Rhdh | * | - | Affected
Redhat | Service Registry | * | - | Affected
Redhat | Openshift | * | - | Affected