CVE-2024-1132
Keycloak: path traversal in redirection validation
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
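The wildcard pitfall the description points at, shown with an added example that is not Keycloak's own code: a redirect-URI check that compares scheme, host and port exactly, and applies a trailing-`*` prefix only after the path has been fully percent-decoded and any dot-segments refused. The allow-list, hostnames and sample URIs are constructed.

```python
from urllib.parse import urlsplit, unquote

# Constructed allow-list for a hypothetical client; the trailing "*" is the
# wildcard form the advisory says makes a client affected.
ALLOWED_REDIRECTS = ["https://app.example.com/callback/*"]
DEFAULT_PORTS = {"https": 443, "http": 80}

def _origin(u):
    """(scheme, host, port) with the default port filled in, for exact comparison."""
    try:
        port = u.port
    except ValueError:          # malformed port component
        return None
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(),
            port if port is not None else DEFAULT_PORTS.get(scheme))

def _safe_path(path):
    """Fully percent-decode the path, then refuse anything a clean redirect never needs."""
    decoded = path
    for _ in range(3):          # peel double/triple encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\\" in decoded or "\x00" in decoded:
        return None
    if any(seg in (".", "..") for seg in decoded.split("/")):
        return None             # dot-segments are rejected, not resolved
    return decoded

def is_valid_redirect(redirect_uri, allowed=ALLOWED_REDIRECTS):
    """True only for an exact allow-list match or a wildcard prefix match."""
    u = urlsplit(redirect_uri)
    if u.fragment or u.username is not None or u.password is not None:
        return False            # no fragments, no userinfo in front of the host
    origin, path = _origin(u), _safe_path(u.path or "/")
    if origin is None or not origin[1] or path is None:
        return False
    for entry in allowed:
        a = urlsplit(entry)
        if _origin(a) != origin:
            continue
        if a.path.endswith("/*"):
            if path.startswith(a.path[:-1]):    # prefix keeps its slash
                return True
        elif a.path == path and a.query == u.query:
            return True
    return False
```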
Affected products
keycloak
Red Hat · Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat · MTA-6.2-RHEL-9
Red Hat · Red Hat AMQ Broker 7
Red Hat · Red Hat build of Apicurio Registry 2
Red Hat · Red Hat build of Keycloak 22
Red Hat · Red Hat build of Keycloak 22.0.10
Red Hat · Red Hat build of Quarkus
Red Hat · Red Hat Data Grid 8
Red Hat · Red Hat Decision Manager 7
Red Hat · Red Hat Fuse 7
Red Hat · Red Hat JBoss Data Grid 7
Red Hat · Red Hat JBoss Enterprise Application Platform 6
Red Hat · Red Hat JBoss Enterprise Application Platform 7
Red Hat · Red Hat Process Automation 7
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 7
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 8
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 9
Red Hat · RHEL-8 based Middleware Containers
Red Hat · RHSSO 7.6.8
References
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:2945
https://access.redhat.com/errata/RHSA-2024:3752
https://access.redhat.com/errata/RHSA-2024:3762
https://access.redhat.com/errata/RHSA-2024:3919
https://access.redhat.com/errata/RHSA-2024:3989