1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-8RMM-GM28-PJ8Q

[MAVEN:GHSA-8RMM-GM28-PJ8Q] Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:).

Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission.

Acknowledgements:

Special thanks to Lauritz Holtmann for reporting this issue and helping us improve our project.

Package Affected Version
pkg:maven/org.keycloak/keycloak-services >= 23.0.0, < 24.0.3
pkg:maven/org.keycloak/keycloak-services < 22.0.10
Package Fixed Version
pkg:maven/org.keycloak/keycloak-services = 24.0.3
pkg:maven/org.keycloak/keycloak-services = 22.0.10
ID
MAVEN:GHSA-8RMM-GM28-PJ8Q
Severity
high
URL
https://github.com/advisories/GHSA-8rmm-gm28-pj8q
Published
2024-04-17T17:33:04
(5 months ago)
Modified
2024-04-17T17:33:06
(5 months ago)
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.keycloak/keycloak-services org.keycloak keycloak-services >= 23.0.0 < 24.0.3
Fixed pkg:maven/org.keycloak/keycloak-services org.keycloak keycloak-services = 24.0.3
Affected pkg:maven/org.keycloak/keycloak-services org.keycloak keycloak-services < 22.0.10
Fixed pkg:maven/org.keycloak/keycloak-services org.keycloak keycloak-services = 22.0.10
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date