A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00196.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Redhat
  • Build Keycloak
  • Enterprise Linux
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Bpms Platform
  • Jboss Enterprise Brms Platform
  • Jboss Fuse
  • Keycloak
  • Migration Toolkit Applications
  • Migration Toolkit For Applications
  • Openshift Container Platform
  • Openshift Container Platform For Ibm Z
  • Openshift Container Platform For Linuxone
  • Openshift Container Platform For Power
  • Red Hat Single Sign On
  • Rhosemc
  • Serverless
  • Single Sign-on

Configuration 1 [-]

OR cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:migration_toolkit_for_applications:7.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat build of Keycloak 22
rhbk/keycloak-operator-bundle:22.0.7-1 cpe:/a:redhat:build_keycloak:22::el9 RHSA-2023:7861 2023-12-14T00:00:00Z
rhbk/keycloak-rhel9:22-6 cpe:/a:redhat:build_keycloak:22::el9 RHSA-2023:7861 2023-12-14T00:00:00Z
rhbk/keycloak-rhel9-operator:22-9 cpe:/a:redhat:build_keycloak:22::el9 RHSA-2023:7861 2023-12-14T00:00:00Z
Red Hat build of Keycloak 22.0.7
keycloak cpe:/a:redhat:build_keycloak:22 RHSA-2023:7860 2023-12-14T00:00:00Z
Red Hat Single Sign-On 7
keycloak cpe:/a:redhat:red_hat_single_sign_on:7.6 RHSA-2024:0804 2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 RHSA-2023:7854 2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 RHSA-2024:0798 2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 RHSA-2023:7856 2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 RHSA-2024:0799 2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el9sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 RHSA-2023:7855 2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 RHSA-2024:0800 2024-02-13T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-38 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2023:7857 2023-12-14T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.6.6-2 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2023:7857 2023-12-14T00:00:00Z
rh-sso-7/sso76-openshift-rhel8:7.6-41 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2024:0801 2024-02-13T00:00:00Z
Single Sign-On 7.6.6
keycloak cpe:/a:redhat:red_hat_single_sign_on:7.6.6 RHSA-2023:7858 2023-12-14T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-3249 A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
Github GHSA Github GHSA GHSA-mpwq-j3xf-7m5w The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References
Link Providers
https://access.redhat.com/errata/RHSA-2023:7854 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7855 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7856 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7857 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7858 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7860 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7861 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0798 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0799 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0800 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0801 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0804 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-6291 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2251407 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-6291 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-6291 cve-icon
History

Wed, 13 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-10-09T11:52:01.061Z

Reserved: 2023-11-24T18:16:45.923Z

Link: CVE-2023-6291

cve-icon Vulnrichment

Updated: 2024-08-02T08:28:21.867Z

cve-icon NVD

Status : Modified

Published: 2024-01-26T15:15:08.280

Modified: 2024-11-21T08:43:32.587

Link: CVE-2023-6291

cve-icon Redhat

Severity : Important

Publid Date: 2023-12-14T00:00:00Z

Links: CVE-2023-6291 - Bugzilla

cve-icon OpenCVE Enrichment

No data.