A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.
References
Configurations
No configuration.
History
17 Apr 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-17 14:15
Updated : 2024-04-17 16:15
NVD link : CVE-2024-2419
Mitre link : CVE-2024-2419
CVE.ORG link : CVE-2024-2419
JSON object : View
Products Affected
No product.
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')