QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-1132

Back to search

CVE-2024-1132

Published: Apr 17, 2024

Modified: May 16, 2026

PUBLISHED

CVSS v3.1

8.1

HIGH

Description

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.

VendorProductVersions

Unknown

keycloak

affected
21.1.0 - < 22.0.10
affected
23.0.0 - < 24.0.3

Red Hat

Migration Toolkit for Runtimes 1 on RHEL 8

unaffected
1.2-23 - < *

Red Hat

Migration Toolkit for Runtimes 1 on RHEL 8

unaffected
1.2-15 - < *

Red Hat

Migration Toolkit for Runtimes 1 on RHEL 8

unaffected
1.2-16 - < *

Red Hat

Migration Toolkit for Runtimes 1 on RHEL 8

unaffected
1.2-14 - < *

Red Hat

MTA-6.2-RHEL-9

unaffected
6.2.3-2 - < *

Red Hat

Red Hat AMQ Broker 7

All versions

Red Hat

Red Hat AMQ Broker 7

All versions

Red Hat

Red Hat AMQ Broker 7

All versions

Red Hat

Red Hat build of Keycloak 22

unaffected
22.0.10-1 - < *

Red Hat

Red Hat build of Keycloak 22

unaffected
22-13 - < *

Red Hat

Red Hat build of Keycloak 22

unaffected
22-16 - < *

Red Hat

Red Hat build of Keycloak 22.0.10

All versions

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 7

unaffected
0:18.0.13-1.redhat_00001.1.el7sso - < *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 8

unaffected
0:18.0.13-1.redhat_00001.1.el8sso - < *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 9

unaffected
0:18.0.13-1.redhat_00001.1.el9sso - < *

Red Hat

RHEL-8 based Middleware Containers

unaffected
7.6-46 - < *

Red Hat

RHSSO 7.6.8

All versions

Red Hat

Red Hat build of Apicurio Registry 2

All versions

Red Hat

Red Hat build of Quarkus

All versions

Red Hat

Red Hat build of Quarkus

All versions

Red Hat

Red Hat Data Grid 8

All versions

Red Hat

Red Hat Decision Manager 7

All versions

Red Hat

Red Hat Fuse 7

All versions

Red Hat

Red Hat JBoss Data Grid 7

All versions

Red Hat

Red Hat JBoss Enterprise Application Platform 6

All versions

Red Hat

Red Hat JBoss Enterprise Application Platform 7

All versions

Red Hat

Red Hat Process Automation 7

All versions

Weaknesses (CWE)

CWE-22

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

RHSA-2024:1860
vendor-advisory
x_refsource_REDHAT
RHSA-2024:1861
vendor-advisory
x_refsource_REDHAT
RHSA-2024:1862
vendor-advisory
x_refsource_REDHAT
RHSA-2024:1864
vendor-advisory
x_refsource_REDHAT
RHSA-2024:1866
vendor-advisory
x_refsource_REDHAT
RHSA-2024:1867
vendor-advisory
x_refsource_REDHAT
RHSA-2024:1868
vendor-advisory
x_refsource_REDHAT
RHSA-2024:2945
vendor-advisory
x_refsource_REDHAT
RHSA-2024:3752
vendor-advisory
x_refsource_REDHAT
RHSA-2024:3762
vendor-advisory
x_refsource_REDHAT
RHSA-2024:3919
vendor-advisory
x_refsource_REDHAT
RHSA-2024:3989
vendor-advisory
x_refsource_REDHAT
RHBZ#2262117
issue-tracking
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now