Fluid Attacks Database

Description

Keycloak path traversal vulnerability in the redirect validation An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.keycloak:keycloak-services	>=0 <22.0.10 \|\| >=23.0.0 <24.0.3	22.0.10, 24.0.3

Aliases

1. CVE-2024-24192. NVD-2024-24193. OSV-2024-24194. GHSA-mrv8-pqfj-7gp55. GCVE-2024-24196. access.redhat.com7. ACCESS-CVE-2024-2419

References

1. https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp52. https://bugzilla.redhat.com/show_bug.cgi?id=2269371

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.