CVE-2024-7260

CWE-601 — Open Redirect5 documents5 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 41.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Build OF Keycloak Redhat Keycloak

Timeline

PublishedSep 9

Description

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDredhat/keycloak< 24.0.7

▶NVDredhat/build_of_keycloak< 24.0.7

▶Mavenorg.keycloak:keycloak-core< 24.0.7

🔴Vulnerability Details

GHSA

Keycloak Open Redirect vulnerability↗2024-09-09

▶

OSV

Keycloak Open Redirect vulnerability↗2024-09-09

▶

CVEList

Keycloak-core: open redirect on account page↗2024-09-09

▶

📋Vendor Advisories

Red Hat

keycloak-core: Open Redirect on Account page↗2024-09-09

▶