CVE-2024-8883

Published: Sep 19, 2024
Modified: Apr 1, 2026
State: PUBLISHED
CVSS v3.1: 6.1 (MEDIUM)

Description

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

Vendor / Product / Versions

Vendor  | Product                                                      | Status     | Versions
Unknown | keycloak-services                                            | affected   | 0 - < 22.0.12
Unknown | keycloak-services                                            | affected   | 23.0.0 - < 24.0.7
Unknown | keycloak-services                                            | affected   | 25.0.0 - < 25.0.5
Red Hat | Red Hat Build of Keycloak                                    | -          | All versions
Red Hat | Red Hat Build of Keycloak                                    | -          | All versions
Red Hat | Red Hat build of Keycloak 22                                 | unaffected | 22.0.13-1 - < *
Red Hat | Red Hat build of Keycloak 22                                 | unaffected | 22-18 - < *
Red Hat | Red Hat build of Keycloak 22                                 | unaffected | 22-21 - < *
Red Hat | Red Hat build of Keycloak 24                                 | unaffected | 24.0.8-1 - < *
Red Hat | Red Hat build of Keycloak 24                                 | unaffected | 24-17 - < *
Red Hat | Red Hat build of Keycloak 24                                 | unaffected | 24-17 - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8              | -          | All versions
Red Hat | Red Hat JBoss Enterprise Application Platform 8              | -          | All versions
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:800.4.1-1.GA_redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:8.0.4-3.GA_redhat_00007.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.33.0-1.redhat_00015.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 1:2.0.0-2.redhat_00005.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:1.8.0-2.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.2.0-2.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:1.16.1-2.redhat_00007.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:3.2.2-28.redhat_2.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.15.1-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:3.14.0-2.redhat_00006.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:4.0.5-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 1:2.0.0-2.redhat_00005.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.0.1-1.redhat_00002.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:0.1.0-2.redhat_00010.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:1.12.284-2.redhat_00002.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:1.2.5-2.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:800.4.0-1.GA_redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.1.0-4.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:6.2.31-1.Final_redhat_00002.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:8.0.1-3.Final_redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:0.8.1-2.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:1.1.3-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:3.0.1-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:1.1.3-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:3.5.3-1.Final_redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:4.0.2-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:5.3.10-1.Final_redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.22.1-1.redhat_00002.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:6.0.3-1.Final_redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:9.37.3-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:9.6.0-1.redhat_00002.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.3.0-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.0.1-3.Final_redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:3.0.1-2.Final_redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:3.0.4-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:8.0.0-6.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.0.16-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:2.2.0-1.redhat_00001.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | unaffected | 0:8.0.4-2.GA_redhat_00005.1.el8eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:800.4.1-1.GA_redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:8.0.4-3.GA_redhat_00007.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.33.0-1.redhat_00015.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 1:2.0.0-2.redhat_00005.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:1.8.0-2.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.2.0-2.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:1.16.1-2.redhat_00007.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:3.2.2-28.redhat_2.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.15.1-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:3.14.0-2.redhat_00006.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:4.0.5-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 1:2.0.0-2.redhat_00005.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.0.1-1.redhat_00002.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:0.1.0-2.redhat_00010.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:1.12.284-2.redhat_00002.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:1.2.5-2.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:800.4.0-1.GA_redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.1.0-4.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:6.2.31-1.Final_redhat_00002.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:8.0.1-3.Final_redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:0.8.1-2.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:1.1.3-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:3.0.1-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:1.1.3-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:3.5.3-1.Final_redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:4.0.2-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:5.3.10-1.Final_redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.22.1-1.redhat_00002.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:6.0.3-1.Final_redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:9.37.3-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:9.6.0-1.redhat_00002.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.3.0-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.0.1-3.Final_redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:3.0.1-2.Final_redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:3.0.4-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:8.0.0-6.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.0.16-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:2.2.0-1.redhat_00001.1.el9eap - < *
Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | unaffected | 0:8.0.4-2.GA_redhat_00005.1.el9eap - < *
Red Hat | Red Hat Single Sign-On 7                                     | -          | All versions
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 7                        | unaffected | 0:18.0.18-1.redhat_00001.1.el7sso - < *
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 8                        | unaffected | 0:18.0.18-1.redhat_00001.1.el8sso - < *
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 9                        | unaffected | 0:18.0.18-1.redhat_00001.1.el9sso - < *
Red Hat | RHEL-8 based Middleware Containers                           | unaffected | 7.6-54 - < *

(A status of "-" means the source record lists the product without an affected/unaffected status; "x - < *" means every version from x upward is unaffected.)

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

References

RHSA-2024:10385 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:10386 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6878 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6879 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6880 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6882 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6886 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6887 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6888 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6889 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6890 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:8823 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:8824 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:8826 (vendor-advisory, x_refsource_REDHAT)
RHBZ#2312511 (issue-tracking, x_refsource_REDHAT)
