CVE-2024-1249
CVSS v3.1: 7.4 (High)
EPSS: 0.04 % (14th)
Advisories: 1
NVD Status: Awaiting Analysis
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
Weaknesses
- CWE-346: Origin Validation Error

- CVE Status: PUBLISHED
- NVD Status: Awaiting Analysis
- CNA: Red Hat, Inc.
- Published Date: 2024-04-17 14:15:08 (5 months ago)
- Updated Date: 2024-06-24 06:15:11 (2 months ago)