A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
Advisories
Source ID Title
EUVD EUVD EUVD-2023-3249 A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
Github GHSA Github GHSA GHSA-mpwq-j3xf-7m5w The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Wed, 13 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-10-09T11:52:01.061Z

Reserved: 2023-11-24T18:16:45.923Z

Link: CVE-2023-6291

cve-icon Vulnrichment

Updated: 2024-08-02T08:28:21.867Z

cve-icon NVD

Status : Modified

Published: 2024-01-26T15:15:08.280

Modified: 2024-11-21T08:43:32.587

Link: CVE-2023-6291

cve-icon Redhat

Severity : Important

Publid Date: 2023-12-14T00:00:00Z

Links: CVE-2023-6291 - Bugzilla

cve-icon OpenCVE Enrichment

No data.