An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.

Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 01 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Thu, 26 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat build Of Keycloak
Redhat keycloak
CPEs cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Vendors & Products Redhat build Of Keycloak
Redhat keycloak

Wed, 18 Sep 2024 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:build_keycloak:22 cpe:/a:redhat:build_keycloak:24

Mon, 09 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 09 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
Description An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
Title Keycloak-core: open redirect on account page
First Time appeared Redhat
Redhat build Keycloak
Weaknesses CWE-601
CPEs cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:build_keycloak:24::el9
Vendors & Products Redhat
Redhat build Keycloak
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T22:49:29.471Z

Reserved: 2024-07-30T02:24:02.197Z

Link: CVE-2024-7260

cve-icon Vulnrichment

Updated: 2024-09-09T19:13:37.589Z

cve-icon NVD

Status : Modified

Published: 2024-09-09T19:15:14.033

Modified: 2024-10-01T14:15:06.553

Link: CVE-2024-7260

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-09T13:55:00Z

Links: CVE-2024-7260 - Bugzilla

cve-icon OpenCVE Enrichment

No data.