Description
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| unaffected |
|
|||||||||||
| Red Hat | Red Hat AMQ Broker 7 | unaffected | — | |||||||||
| Red Hat | Red Hat build of Keycloak 22 | affected |
|
|||||||||
| Red Hat | Red Hat build of Keycloak 22 | affected |
|
|||||||||
| Red Hat | Red Hat build of Keycloak 22 | affected |
|
|||||||||
| Red Hat | Red Hat build of Keycloak 22.0.10 | unaffected | — | |||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHOSS-1.33-RHEL-8 | affected |
|
|||||||||
| Red Hat | RHPAM 7.13.5 async | unaffected | — | |||||||||
| Red Hat | Migration Toolkit for Applications 6 | affected | — | |||||||||
| Red Hat | Migration Toolkit for Applications 7 | unaffected | — | |||||||||
| Red Hat | Red Hat build of Apicurio Registry 2 | affected | — | |||||||||
| Red Hat | Red Hat build of Quarkus | unaffected | — | |||||||||
| Red Hat | Red Hat build of Quarkus | unaffected | — | |||||||||
| Red Hat | Red Hat Data Grid 8 | affected | — | |||||||||
| Red Hat | Red Hat Decision Manager 7 | affected | — | |||||||||
| Red Hat | Red Hat Developer Hub | unaffected | — | |||||||||
| Red Hat | Red Hat Fuse 7 | affected | — | |||||||||
| Red Hat | Red Hat JBoss Data Grid 7 | affected | — | |||||||||
| Red Hat | Red Hat JBoss Enterprise Application Platform 6 | unknown | — | |||||||||
| Red Hat | Red Hat JBoss Enterprise Application Platform 6 | unknown | — | |||||||||
| Red Hat | Red Hat JBoss Enterprise Application Platform 6 | unknown | — | |||||||||
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | unaffected | — | |||||||||
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | unaffected | — | |||||||||
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | unaffected | — | |||||||||
| Red Hat | Red Hat OpenShift GitOps | affected | — | |||||||||
| Red Hat | Red Hat Process Automation 7 | affected | — | |||||||||
| Red Hat | Red Hat Single Sign-On 7 | affected | — |
No data.
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat AMQ Broker 7 | |||
| keycloak | cpe:/a:redhat:amq_broker:7.12 | RHSA-2024:2945 | 2024-05-21T00:00:00Z |
| Red Hat build of Keycloak 22 | |||
| rhbk/keycloak-operator-bundle:22.0.10-1 | cpe:/a:redhat:build_keycloak:22::el9 | RHSA-2024:1867 | 2024-04-16T00:00:00Z |
| rhbk/keycloak-rhel9:22-13 | cpe:/a:redhat:build_keycloak:22::el9 | RHSA-2024:1867 | 2024-04-16T00:00:00Z |
| rhbk/keycloak-rhel9-operator:22-16 | cpe:/a:redhat:build_keycloak:22::el9 | RHSA-2024:1867 | 2024-04-16T00:00:00Z |
| Red Hat build of Keycloak 22.0.10 | |||
| keycloak | cpe:/a:redhat:build_keycloak:22 | RHSA-2024:1868 | 2024-04-16T00:00:00Z |
| RHOSS-1.33-RHEL-8 | |||
| openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.33.0-5 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| openshift-serverless-1/logic-data-index-postgresql-rhel8:1.33.0-5 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.33.0-5 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.33.0-5 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.33.0-5 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| openshift-serverless-1/logic-operator-bundle:1.33.0-5 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| openshift-serverless-1/logic-rhel8-operator:1.33.0-3 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| openshift-serverless-1/logic-swf-builder-rhel8:1.33.0-5 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| openshift-serverless-1/logic-swf-devmode-rhel8:1.33.0-5 | cpe:/a:redhat:openshift_serverless:1.33::el8 | RHSA-2024:4057 | 2024-06-24T00:00:00Z |
| RHPAM 7.13.5 async | |||
| cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 | RHSA-2024:1353 | 2024-03-18T00:00:00Z | |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-1164 | A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance. |
 Github GHSA |
GHSA-8rmm-gm28-pj8q | Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow |
References
History
Wed, 18 Mar 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:quarkus:3 |
Thu, 19 Sep 2024 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 29 Aug 2024 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Thu, 29 Aug 2024 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 |
Subscriptions
Redhat
Subscribe
Amq Broker
Subscribe
Build Keycloak
Subscribe
Jboss Data Grid
Subscribe
Jboss Enterprise Application Platform
Subscribe
Jboss Enterprise Bpms Platform
Subscribe
Jboss Enterprise Brms Platform
Subscribe
Jboss Fuse
Subscribe
Jbosseapxp
Subscribe
Migration Toolkit Applications
Subscribe
Openshift Gitops
Subscribe
Openshift Serverless
Subscribe
Quarkus
Subscribe
Red Hat Single Sign On
Subscribe
Rhdh
Subscribe
Service Registry
Subscribe
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-04-01T19:03:55.425Z
Reserved: 2023-12-12T07:30:43.924Z
Link: CVE-2023-6717
Vulnrichment
Updated: 2024-08-02T08:35:14.887Z
NVD
Status : Awaiting Analysis
Published: 2024-04-25T16:15:10.653
Modified: 2024-11-21T08:44:24.813
Link: CVE-2023-6717
Redhat
OpenCVE Enrichment
No data.
Weaknesses