CVE-2024-1132

CVSS v3.1 8.1 (High)
EPSS 0.05 % (18th)
Advisories 1
NVD Status Awaiting Analysis

A flaw was found in Keycloak: it does not properly validate URLs included in a redirect. An attacker could construct a malicious request that bypasses validation and reaches other URLs and sensitive information within the domain, or use it to conduct further attacks. The flaw affects any client that uses a wildcard in the Valid Redirect URIs field, and exploitation requires the user to interact with the malicious URL.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2024-04-17 14:15:07
(5 months ago)
Updated Date
2024-07-03 01:45:01
(2 months ago)