A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Tue, 17 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-27T12:56:55.614Z

Reserved: 2024-03-13T13:17:07.809Z

Link: CVE-2024-2419

cve-icon Vulnrichment

Updated: 2024-08-01T19:11:53.540Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-17T14:15:08.367

Modified: 2024-11-21T09:09:42.800

Link: CVE-2024-2419

cve-icon Redhat

Severity : Important

Publid Date: 2024-04-16T00:00:00Z

Links: CVE-2024-2419 - Bugzilla

cve-icon OpenCVE Enrichment

No data.