CVE-2023-6291
Published 2024-01-26
Severity: High, CVSS 3.1 base score 7.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
Affected (13 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | — |
| redhat | keycloak | < 22.0.7 | 22.0.7 |
| redhat | migration_toolkit_for_applications | — | — |
| redhat | migration_toolkit_for_applications | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform_for_ibm_z | — | — |
| redhat | openshift_container_platform_for_ibm_z | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | single_sign-on | — | — |