CVE-2023-6927 — Open Redirect in Redhat Single Sign-on

CWE-601 — Open Redirect CWE-75 — Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)6 documents5 sources

Severity

6.1MEDIUMNVD

CNA4.6GHSA5.4OSV5.4

EPSS

0.8%

top 25.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Single Sign-on

Timeline

PublishedDec 18

Latest updateJan 23

Description

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDredhat/single_sign-on7.0

🔴Vulnerability Details

GHSA

keycloak-core: open redirect via "form_post.jwt" JARM response mode↗2024-01-23

▶

OSV

keycloak-core: open redirect via "form_post.jwt" JARM response mode↗2024-01-23

▶

CVEList

Keycloak: open redirect via "form_post.jwt" jarm response mode↗2023-12-18

▶

📋Vendor Advisories

Red Hat

keycloak: open redirect via "form_post.jwt" JARM response mode↗2023-12-18

▶

Red Hat

keycloak-core: Reflected XSS via wildcard in OIDC redirect_uri. Incomplete fix of CVE-2023-6134↗2023-12-18

▶