CVE-2024-1132
Keycloak: path transversal in redirection validation
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
SSVC
- Decision: Attend
Timeline
- 2024-01-31 CVE Reserved
- 2024-04-17 CVE Published
- 2024-06-19 EPSS Updated
- 2024-12-20 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (14)
URL | Date | Source
---|---|---
https://access.redhat.com/errata/RHSA-2024:1860 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:1861 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:1862 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:1864 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:1866 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:1867 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:1868 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:2945 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:3752 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:3762 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:3919 | 2024-07-03 |
https://access.redhat.com/errata/RHSA-2024:3989 | 2024-07-03 |
https://access.redhat.com/security/cve/CVE-2024-1132 | 2024-06-20 |
https://bugzilla.redhat.com/show_bug.cgi?id=2262117 | 2024-06-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redhat | Amq | * | - | Affected
Redhat | Amq Broker | * | - | Affected
Redhat | Build Keycloak | * | - | Affected
Redhat | Build Of Keycloak | * | - | Affected
Redhat | Build Of Quarkus | * | - | Affected
Redhat | Data Grid | * | - | Affected
Redhat | Decision Manager | * | - | Affected
Redhat | Jboss Data Grid | * | - | Affected
Redhat | Jboss Enterprise Application Platform | * | - | Affected
Redhat | Jboss Enterprise Bpms Platform | * | - | Affected
Redhat | Jboss Enterprise Brms Platform | * | - | Affected
Redhat | Jboss Fuse | * | - | Affected
Redhat | Migration Toolkit | * | - | Affected
Redhat | Migration Toolkit Applications | * | - | Affected
Redhat | Migration Toolkit Runtimes | * | - | Affected
Redhat | Process Automation | * | - | Affected
Redhat | Quarkus | * | - | Affected
Redhat | Red Hat Single Sign On | * | - | Affected
Redhat | Rhosemc | * | - | Affected
Redhat | Service Registry | * | - | Affected
Redhat | Enterprise Linux | * | - | Affected