Impact
A flaw allows an attacker with administrative privileges or access to client registration endpoints to bypass URI validation by registering a malicious client with a redirect URI using a case‑insensitive javascript: or data: scheme. When a victim clicks the crafted link, such as in logout or the Admin Console, native JavaScript code runs in the Keycloak origin. This cross‑site scripting exposure can lead to arbitrary code execution within the Keycloak environment.
Affected Systems
The vulnerable product is Red Hat Build of Keycloak. No specific version details are disclosed, so all deployments of this build should be evaluated. The problem resides in the client registration component and the URL validation logic.
Risk and Exploitability
The CVSS base score for this vulnerability is 7.3, indicating moderate‑to‑high severity. EPSS data is not available, but the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote and requires administrative privileges or client registration access. The likely path involves creating a client with a crafted redirect URI that triggers XSS when a user is redirected to execute arbitrary code in the context of Keycloak.
OpenCVE Enrichment