High severityNVD Advisory· Published Jan 26, 2024· Updated Nov 11, 2025

Keycloak: redirect_uri validation bypass

CVE-2023-6291

Description

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.keycloak:keycloak-servicesMaven	< 23.0.3	23.0.3

Affected products

Red Hat/Red Hat build of Keycloak 22.0.7v5
cpe:/a:redhat:build_keycloak:22
Red Hat/Build Of Keycloakcpe-rescue
cpe:/a:redhat:build_keycloak:22::el9
Range: 22-9
Red Hat/Red Hat JBoss Data Grid 7v5
cpe:/a:redhat:jboss_data_grid:7
Red Hat/Red Hat Data Grid 8v5
cpe:/a:redhat:jboss_data_grid:8
Red Hat/Jboss Enterprise Application Platformcpe-rescue
cpe:/a:redhat:jboss_enterprise_application_platform:6
Red Hat/Process Automationcpe-rescue
cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat/Red Hat Decision Manager 7v5
cpe:/a:redhat:jboss_enterprise_brms_platform:7
Red Hat/Red Hat Fuse 7v5
cpe:/a:redhat:jboss_fuse:7
Red Hat/Migration Toolkit for Applications 6v5
cpe:/a:redhat:migration_toolkit_applications:6
Red Hat/Migration Toolkit for Applications 7v5
cpe:/a:redhat:migration_toolkit_applications:7
Red Hat/Single Sign Oncpe-rescue5 versions
cpe:/a:redhat:red_hat_single_sign_on:7.6+ 4 more
- cpe:/a:redhat:red_hat_single_sign_on:7.6
- cpe:/a:redhat:red_hat_single_sign_on:7.6.6
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el7range: 0:18.0.12-1.redhat_00001.1.el7sso
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el8range: 0:18.0.12-1.redhat_00001.1.el8sso
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el9range: 0:18.0.12-1.redhat_00001.1.el9sso
Red Hat/RHEL-8 based Middleware Containersv5
cpe:/a:redhat:rhosemc:1.0::el8
Range: 7.6-41
Red Hat/OpenShift Serverlessv5
cpe:/a:redhat:serverless:1
ghsa-coords
pkg:maven/org.keycloak/keycloak-services
Range: < 23.0.3

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/errata/RHSA-2023:7854ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2023:7855ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2023:7856ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2023:7857ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2023:7858ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2023:7860ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2023:7861ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2024:0798mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:0799mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:0800mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:0801mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:0804mitrevendor-advisoryx_refsource_REDHAT
github.com/advisories/GHSA-mpwq-j3xf-7m5wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-6291ghsaADVISORY
access.redhat.com/security/cve/CVE-2023-6291ghsavdb-entryx_refsource_REDHATWEB
bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1bghsaWEB
github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5wghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000