A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
Fixes

Solution

No solution given by the vendor.


Workaround

No current mitigation is available for this vulnerability.

History

Mon, 30 Jun 2025 14:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  Redhat build Of Keycloak
  Redhat jboss Middleware Text-only Advisories
  Redhat keycloak
  Redhat migration Toolkit For Applications
  Redhat migration Toolkit For Runtimes
  Redhat openshift Container Platform
  Redhat openshift Container Platform For Ibm Z
  Redhat openshift Container Platform For Linuxone
  Redhat openshift Container Platform For Power
  Redhat single Sign-on

Type: CPEs
Values Removed: (none)
Values Added:
  cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*
  cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*
  cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:migration_toolkit_for_applications:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
  cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added:
  Redhat build Of Keycloak
  Redhat jboss Middleware Text-only Advisories
  Redhat keycloak
  Redhat migration Toolkit For Applications
  Redhat migration Toolkit For Runtimes
  Redhat openshift Container Platform
  Redhat openshift Container Platform For Ibm Z
  Redhat openshift Container Platform For Linuxone
  Redhat openshift Container Platform For Power
  Redhat single Sign-on

Wed, 18 Sep 2024 08:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-07T12:07:09.480Z

Reserved: 2024-01-31T17:07:33.455Z

Link: CVE-2024-1132

Vulnrichment

Updated: 2024-08-01T18:26:30.564Z

NVD

Status: Analyzed

Published: 2024-04-17T14:15:07.953

Modified: 2025-06-30T13:58:57.033

Link: CVE-2024-1132

Redhat

Severity: Important

Public Date: 2024-04-16T00:00:00Z

Links: CVE-2024-1132 - Bugzilla

OpenCVE Enrichment

No data.