Keycloak-core: open redirect on account page
Description
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.
Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-coreMaven | < 24.0.7 | 24.0.7 |
Affected products
10- Range: 1.0-alpha-1, 1.0-alpha-1-12062013, 1.0-alpha-2, …
- osv-coords9 versionspkg:apk/chainguard/keycloak-config-clipkg:apk/chainguard/keycloak-config-cli-bitnami-compatpkg:apk/chainguard/keycloak-config-cli-compatpkg:apk/chainguard/keycloak-config-cli-iamguarded-compatpkg:apk/wolfi/keycloak-config-clipkg:apk/wolfi/keycloak-config-cli-bitnami-compatpkg:apk/wolfi/keycloak-config-cli-compatpkg:apk/wolfi/keycloak-config-cli-iamguarded-compatpkg:maven/org.keycloak/keycloak-core
< 6.4.0-r1+ 8 more
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 6.4.0-r1
- (no CPE)range: < 24.0.7
Patches
Vulnerability mechanics
References
6- access.redhat.com/errata/RHSA-2024:6502ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:6503ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-g4gc-rh26-m3p5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-7260ghsaADVISORY
- access.redhat.com/security/cve/CVE-2024-7260ghsavdb-entryx_refsource_REDHATWEB
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
News mentions
0No linked articles in our index yet.