CVE-2024-1132
- CVSS v3.1: 8.1 (High)
- EPSS: 0.05 % (18th)
- Advisories: 1
- NVD Status: Awaiting Analysis
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
Weaknesses
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

- CVE Status: PUBLISHED
- NVD Status: Awaiting Analysis
- CNA: Red Hat, Inc.
- Published Date: 2024-04-17 14:15:07 (5 months ago)
- Updated Date: 2024-07-03 01:45:01 (2 months ago)