CVE-2023-6291

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:7854	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7855	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7856	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7857	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7858	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7860	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7861	Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/security/cve/CVE-2023-6291	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2251407	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:keycloak::::::::
	cpe:2.3:a:redhat:single_sign-on:-::::text-only:::

Configuration 2 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:::::::*
	cpe:2.3:a:redhat:migration_toolkit_for_applications:7.0:::::::*

History

14 Feb 2024, 03:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0799 - () https://access.redhat.com/errata/RHSA-2024:0800 - () https://access.redhat.com/errata/RHSA-2024:0801 - () https://access.redhat.com/errata/RHSA-2024:0804 - () https://access.redhat.com/errata/RHSA-2024:0798 -

06 Feb 2024, 16:09

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : 7.1

03 Feb 2024, 01:42

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2023:7855 -~~	() https://access.redhat.com/errata/RHSA-2023:7855 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7857 -~~	() https://access.redhat.com/errata/RHSA-2023:7857 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7854 -~~	() https://access.redhat.com/errata/RHSA-2023:7854 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7858 -~~	() https://access.redhat.com/errata/RHSA-2023:7858 - Vendor Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2023-6291 -~~	() https://access.redhat.com/security/cve/CVE-2023-6291 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2251407 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2251407 - Issue Tracking, Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7856 -~~	() https://access.redhat.com/errata/RHSA-2023:7856 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7861 -~~	() https://access.redhat.com/errata/RHSA-2023:7861 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7860 -~~	() https://access.redhat.com/errata/RHSA-2023:7860 - Vendor Advisory
First Time		Redhat single Sign-on Redhat openshift Container Platform For Ibm Z Redhat openshift Container Platform For Power Redhat openshift Container Platform Redhat Redhat openshift Container Platform For Linuxone Redhat enterprise Linux Redhat migration Toolkit For Applications Redhat keycloak
CPE		cpe:2.3:a:redhat:migration_toolkit_for_applications:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:::::::* cpe:2.3:a:redhat:keycloak:::::::: cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:::::::* cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::* cpe:2.3:a:redhat:single_sign-on:-::::text-only::: cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:::::::* cpe:2.3:a:redhat:single_sign-on:7.6:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CWE		CWE-601

26 Jan 2024, 16:33

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-26 15:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-6291

Mitre link : CVE-2023-6291

CVE.ORG link : CVE-2023-6291

JSON object : View

Products Affected

redhat

openshift_container_platform_for_linuxone
enterprise_linux
openshift_container_platform
openshift_container_platform_for_power
openshift_container_platform_for_ibm_z
keycloak
single_sign-on
migration_toolkit_for_applications

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

7.1 /10