VYPR
Moderate severityGHSA Advisory· Published Sep 19, 2024· Updated Apr 1, 2026

Keycloak: vulnerable redirect uri validation results in open redirec

CVE-2024-8883

Description

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-servicesMaven
< 22.0.1322.0.13
org.keycloak:keycloak-servicesMaven
>= 23.0.0, < 24.0.824.0.8
org.keycloak:keycloak-servicesMaven
>= 25.0.0, < 25.0.625.0.6

Affected products

10

Patches

Vulnerability mechanics

References

21

News mentions

0

No linked articles in our index yet.