High severity · OSV Advisory · Published Apr 17, 2024 · Updated Mar 17, 2026

Keycloak: path traversal in redirection validation

CVE-2024-1132

Description

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request that bypasses validation and accesses other URLs and sensitive information within the domain, or to conduct further attacks. This flaw affects any client that uses a wildcard in the Valid Redirect URIs field, and it requires the user to interact with the malicious URL.


Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Ecosystem | Affected versions | Patched versions
org.keycloak:keycloak-services | Maven | < 22.0.10 | 22.0.10
org.keycloak:keycloak-services | Maven | >= 23.0.0, < 24.0.3 | 24.0.3
