CVE-2023-6134

CWE-79 — Cross-site Scripting (XSS)CWE-75 CWE-601 — Open Redirect9 documents5 sources

Severity

5.4MEDIUM

EPSS

2.5%

top 14.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Keycloak Redhat Single Sign-on Redhat Openshift Container Platform +2 more

Timeline

PublishedDec 14

Latest updateJan 23

Description

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5

Affected Packages4 packages

▶NVDredhat/keycloak< 22.0.7

▶Mavenorg.keycloak:keycloak-services< 23.0.3

▶NVDredhat/single_sign-on< 7.6

▶NVDredhat/openshift_container_platform_ibm_z_systems4.10, 4.9+1

Also affects: Openshift Container Platform 4.11, 4.12, 4.10, 4.9

🔴Vulnerability Details

GHSA

keycloak-core: open redirect via "form_post.jwt" JARM response mode↗2024-01-23

▶

GHSA

Duplicate Advisory: Keycloak Open Redirect vulnerability↗2023-12-19

▶

GHSA

Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri↗2023-12-18

▶

OSV

Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri↗2023-12-18

▶

CVEList

Keycloak: reflected xss via wildcard in oidc redirect_uri↗2023-12-14

▶

📋Vendor Advisories

Red Hat

keycloak-core: Reflected XSS via wildcard in OIDC redirect_uri. Incomplete fix of CVE-2023-6134↗2023-12-18

▶

Red Hat

keycloak: open redirect via "form_post.jwt" JARM response mode↗2023-12-18

▶

Red Hat

keycloak: reflected XSS via wildcard in OIDC redirect_uri↗2023-11-14

▶