CVE-2023-6134 - Vulnerability Details

- Keycloak: reflected xss via wildcard in oidc redirect_uri

Description

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

Published: 2023-12-14

Score: 4.6 Medium

EPSS: 2.5% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22.0.7-1`	unaffected	< *

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22-6`	unaffected	< *

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22-9`	unaffected	< *

Red Hat Red Hat build of Keycloak 22.0.7 unaffected —

Red Hat Red Hat Single Sign-On 7 unaffected —

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 7

affected

Version	Status	Constraints
`0:18.0.11-2.redhat_00003.1.el7sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 7

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el7sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 8

affected

Version	Status	Constraints
`0:18.0.11-2.redhat_00003.1.el8sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 8

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el8sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 9

affected

Version	Status	Constraints
`0:18.0.11-2.redhat_00003.1.el9sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 9

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el9sso`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6-38`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6.6-2`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6-41`	unaffected	< *

Red Hat Single Sign-On 7.6.6 unaffected —

Configuration 1 [-]

AND

cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 [-]

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

Package	CPE	Advisory	Released Date
Red Hat build of Keycloak 22
rhbk/keycloak-operator-bundle:22.0.7-1	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2023:7861	2023-12-14T00:00:00Z
rhbk/keycloak-rhel9:22-6	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2023:7861	2023-12-14T00:00:00Z
rhbk/keycloak-rhel9-operator:22-9	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2023:7861	2023-12-14T00:00:00Z
Red Hat build of Keycloak 22.0.7
keycloak-core	cpe:/a:redhat:build_keycloak:22	RHSA-2023:7860	2023-12-14T00:00:00Z
Red Hat Single Sign-On 7
keycloak-core	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2024:0804	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:7854	2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2024:0798	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:7856	2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2024:0799	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:7855	2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2024:0800	2024-02-13T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-38	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:7857	2023-12-14T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.6.6-2	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:7857	2023-12-14T00:00:00Z
rh-sso-7/sso76-openshift-rhel8:7.6-41	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:0801	2024-02-13T00:00:00Z
Single Sign-On 7.6.6
keycloak-core	cpe:/a:redhat:red_hat_single_sign_on:7.6.6	RHSA-2023:7858	2023-12-14T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-3189	A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
Github GHSA	GHSA-cvg2-7c3j-g36j	Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.02468.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7854
https://access.redhat.com/errata/RHSA-2023:7855
https://access.redhat.com/errata/RHSA-2023:7856
https://access.redhat.com/errata/RHSA-2023:7857
https://access.redhat.com/errata/RHSA-2023:7858
https://access.redhat.com/errata/RHSA-2023:7860
https://access.redhat.com/errata/RHSA-2023:7861
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/security/cve/CVE-2023-6134
https://bugzilla.redhat.com/show_bug.cgi?id=2249673
https://nvd.nist.gov/vuln/detail/CVE-2023-6134
https://www.cve.org/CVERecord?id=CVE-2023-6134

History

No history.

Subscriptions

Redhat Build Keycloak Enterprise Linux Keycloak Openshift Container Platform Openshift Container Platform For Power Openshift Container Platform Ibm Z Systems Red Hat Single Sign On Rhosemc Single Sign-on

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-14T21:42:12.160Z

Updated: 2026-02-25T18:19:50.968Z

Reserved: 2023-11-14T18:50:13.535Z

Link: CVE-2023-6134

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-14T22:15:44.087

Modified: 2024-11-21T08:43:12.193

Link: CVE-2023-6134

Redhat

Severity : Moderate

Publid Date: 2023-11-14T00:00:00Z

Links: CVE-2023-6134 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object