CVE-2023-6134
Published 2023-12-14
Severity: medium, 5.4 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
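To make the bug class in the description concrete, here is an added illustration that is not Keycloak's code and does not reproduce its actual check: a hypothetical redirect_uri validator in which a client-supplied value ending in a wildcard is routed through the pattern-comparison path and never reaches the scheme denylist, beside a hardened version that rejects wildcards in client input and allow-lists schemes before matching. The function names, the registered redirect URIs and the denied schemes (javascript, data, vbscript) are assumptions; the page names neither the schemes nor the exact code path.

```python
"""Hypothetical redirect_uri validator reproducing the CVE-2023-6134 bug class.

Not Keycloak's code. Registered URIs, names and the scheme lists are
constructed for illustration only.
"""
from typing import Sequence
from urllib.parse import urlparse

# Assumption: schemes a redirect denylist would typically block because the
# browser executes them as script when navigated to.
DANGEROUS_SCHEMES = {"javascript", "data", "vbscript"}

# Assumption: schemes a browser redirect target is actually expected to use.
ALLOWED_SCHEMES = {"https", "http"}


def _prefix_matches(value: str, pattern: str) -> bool:
    """A registered pattern ending in '*' matches any value with that prefix."""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return value == pattern


def validate_flawed(redirect_uri: str, registered: Sequence[str]) -> bool:
    """Flawed validator (hypothetical).

    The scheme denylist lives only on the 'plain URI' path. A supplied value
    that ends in '*' is mistaken for a pattern, compared prefix-to-prefix
    against the registered entries, and is never parsed or scheme-checked.
    """
    if redirect_uri.endswith("*"):
        supplied_prefix = redirect_uri[:-1]
        return any(
            p.endswith("*") and supplied_prefix.startswith(p[:-1])
            for p in registered
        )
    # Denylist check: blocks javascript:/data: on the plain path, as the
    # original fix for CVE-2020-10748 intended.
    if urlparse(redirect_uri).scheme.lower() in DANGEROUS_SCHEMES:
        return False
    return any(_prefix_matches(redirect_uri, p) for p in registered)


def validate_hardened(redirect_uri: str, registered: Sequence[str]) -> bool:
    """Hardened validator (hypothetical).

    1. Wildcards are only meaningful in registered patterns; any '*' in the
       client-supplied value is rejected outright.
    2. The supplied value must parse as an absolute URI with an allow-listed
       scheme and a host. Allow-listing removes the 'which schemes did we
       forget to deny' failure mode entirely.
    3. Only then is it matched against the registered patterns.
    """
    if "*" in redirect_uri:
        return False
    parsed = urlparse(redirect_uri)
    scheme = parsed.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False
    if not parsed.netloc:
        return False
    return any(_prefix_matches(redirect_uri, p) for p in registered)


# Constructed client configuration: a permissive catch-all entry alongside a
# normal pattern. Catch-all entries are exactly where a skipped scheme check
# turns into XSS.
REGISTERED = ["https://app.example.com/*", "*"]

# Constructed redirect_uri values a client might submit.
PAYLOAD = "javascript:alert(document.domain)"


def demo() -> dict:
    """Return the verdict of both validators for the constructed inputs."""
    return {
        "legit_flawed": validate_flawed("https://app.example.com/cb", REGISTERED),
        "plain_payload_flawed": validate_flawed(PAYLOAD, REGISTERED),
        "wildcard_payload_flawed": validate_flawed(PAYLOAD + "*", REGISTERED),
        "legit_hardened": validate_hardened("https://app.example.com/cb", REGISTERED),
        "plain_payload_hardened": validate_hardened(PAYLOAD, REGISTERED),
        "wildcard_payload_hardened": validate_hardened(PAYLOAD + "*", REGISTERED),
        "data_uri_hardened": validate_hardened("data:text/html,<script>1</script>", REGISTERED),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'accepted' if verdict else 'rejected'}")
```

The flawed validator blocks the bare javascript: value but accepts the same value with a trailing wildcard, which is the shape of an incomplete denylist fix; the hardened one never lets client input carry a wildcard and decides on the parsed scheme before any pattern matching, so the result does not depend on how permissive the registered entries are.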
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 22.0.7 | 22.0.7 |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | openshift_container_platform_ibm_z_systems | — | — |
| redhat | openshift_container_platform_ibm_z_systems | — | — |
| redhat | single_sign-on | < 7.6 | 7.6 |
| redhat | single_sign-on | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| ghsa | 5.4 | MEDIUM | — |
| osv | 5.4 | MEDIUM | — |
The 5.4 score shown in the header corresponds to the vector with Privileges Required: Low (PR:L); NVD's 6.1 differs from it only in rating Privileges Required as None (PR:N), all other metrics being identical.