CVE-2024-1249

CVSS v3.1 7.4 (High)
EPSS 0.04 % (14th)
Advisories 1
NVD Status Awaiting Analysis

A flaw was found in the "checkLoginIframe" of Keycloak's OIDC component, which accepts cross-origin messages without validating them. Because incoming messages are not subject to proper origin validation, attackers can coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability.

Weaknesses: CWE-346 (Origin Validation Error)
CVE Status: PUBLISHED
NVD Status: Awaiting Analysis
CNA: Red Hat, Inc.
Published Date: 2024-04-17 14:15:08 (5 months ago)
Updated Date: 2024-06-24 06:15:11 (2 months ago)