216.73.217.176

CVE-2024-8883

· Published 19/09/2024 16:15 · Modified 01/10/2024 13:15

Labels: CVE-2024-8883 2024-09-19CVE-2024-8883CWE-601[email protected]

Essential information

Published
19/09/2024 16:15
Modified
01/10/2024 13:15
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

NVD status

Status
Modified — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
redhat / build of keycloak cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*
redhat / openshift container platform cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
redhat / openshift container platform cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
redhat / openshift container platform for ibm z cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*
redhat / openshift container platform for ibm z cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*
redhat / openshift container platform for linuxone cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
redhat / openshift container platform for linuxone cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
redhat / openshift container platform for power cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
redhat / openshift container platform for power cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
redhat / single sign-on cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
redhat / single sign-on cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*

References