CVE-2023-6291 - Vulnerability Details

Description

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

Published: 2024-01-26

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22.0.7-1`	unaffected	< *

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22-6`	unaffected	< *

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22-9`	unaffected	< *

Red Hat Red Hat build of Keycloak 22.0.7 unaffected —

Red Hat Red Hat Single Sign-On 7 unaffected —

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 7

affected

Version	Status	Constraints
`0:18.0.11-2.redhat_00003.1.el7sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 7

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el7sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 8

affected

Version	Status	Constraints
`0:18.0.11-2.redhat_00003.1.el8sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 8

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el8sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 9

affected

Version	Status	Constraints
`0:18.0.11-2.redhat_00003.1.el9sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 9

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el9sso`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6-38`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6.6-2`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6-41`	unaffected	< *

Red Hat Single Sign-On 7.6.6 unaffected —

Red Hat Migration Toolkit for Applications 6 affected —

Red Hat Migration Toolkit for Applications 7 unaffected —

Red Hat OpenShift Serverless unaffected —

Red Hat Red Hat Data Grid 8 unaffected —

Red Hat Red Hat Decision Manager 7 unaffected —

Red Hat Red Hat Fuse 7 unaffected —

Red Hat Red Hat JBoss Data Grid 7 unaffected —

Red Hat Red Hat JBoss Enterprise Application Platform 6 unaffected —

Red Hat Red Hat Process Automation 7 unaffected —

Configuration 1 [-]

OR	cpe:2.3:a:redhat:keycloak::::::::
	cpe:2.3:a:redhat:single_sign-on:-::::text-only:::

Configuration 2 [-]

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:::::::*
	cpe:2.3:a:redhat:migration_toolkit_for_applications:7.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat build of Keycloak 22
rhbk/keycloak-operator-bundle:22.0.7-1	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2023:7861	2023-12-14T00:00:00Z
rhbk/keycloak-rhel9:22-6	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2023:7861	2023-12-14T00:00:00Z
rhbk/keycloak-rhel9-operator:22-9	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2023:7861	2023-12-14T00:00:00Z
Red Hat build of Keycloak 22.0.7
keycloak	cpe:/a:redhat:build_keycloak:22	RHSA-2023:7860	2023-12-14T00:00:00Z
Red Hat Single Sign-On 7
keycloak	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2024:0804	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:7854	2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2024:0798	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:7856	2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2024:0799	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.11-2.redhat_00003.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:7855	2023-12-14T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2024:0800	2024-02-13T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-38	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:7857	2023-12-14T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.6.6-2	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:7857	2023-12-14T00:00:00Z
rh-sso-7/sso76-openshift-rhel8:7.6-41	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:0801	2024-02-13T00:00:00Z
Single Sign-On 7.6.6
keycloak	cpe:/a:redhat:red_hat_single_sign_on:7.6.6	RHSA-2023:7858	2023-12-14T00:00:00Z

No data available yet.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-3249	A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
Github GHSA	GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00181.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7854
https://access.redhat.com/errata/RHSA-2023:7855
https://access.redhat.com/errata/RHSA-2023:7856
https://access.redhat.com/errata/RHSA-2023:7857
https://access.redhat.com/errata/RHSA-2023:7858
https://access.redhat.com/errata/RHSA-2023:7860
https://access.redhat.com/errata/RHSA-2023:7861
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/security/cve/CVE-2023-6291
https://bugzilla.redhat.com/show_bug.cgi?id=2251407
https://nvd.nist.gov/vuln/detail/CVE-2023-6291
https://www.cve.org/CVERecord?id=CVE-2023-6291

History

Wed, 13 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Redhat Build Keycloak Enterprise Linux Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Bpms Platform Jboss Enterprise Brms Platform Jboss Fuse Keycloak Migration Toolkit Applications Migration Toolkit For Applications Openshift Container Platform Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone Openshift Container Platform For Power Red Hat Single Sign On Rhosemc Serverless Single Sign-on

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-26T14:23:43.185Z

Updated: 2025-11-11T16:12:14.005Z

Reserved: 2023-11-24T18:16:45.923Z

Link: CVE-2023-6291

Vulnrichment

Updated: 2024-08-02T08:28:21.867Z

NVD

Status : Modified

Published: 2024-01-26T15:15:08.280

Modified: 2024-11-21T08:43:32.587

Link: CVE-2023-6291

Redhat

Severity : Important

Publid Date: 2023-12-14T00:00:00Z

Links: CVE-2023-6291 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-601

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object