Search

Find a vulnerability

Search criteria

    196 vulnerabilities found for keycloak by redhat

    CVE-2026-3047 (GCVE-0-2026-3047)

    Vulnerability from nvd – Published: 2026-03-05 18:28 – Updated: 2026-06-30 12:08
    VLAI
    Title
    Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login
    Summary
    A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:3925 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3947 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3948 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-3047 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2441966 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.14-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2.14     cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.10-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.10     cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2     cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4     cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Date Public
    2026-03-05 11:24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T18:13:06.967396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T18:13:14.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.2.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.4.10",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-05T11:24:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-305",
                    "description": "Authentication Bypass by Primary Weakness",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:19.870Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-3047"
              },
              {
                "name": "RHBZ#2441966",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3047.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3925"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3948"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3947"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:3925: Red Hat build of Keycloak 26.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3948: Red Hat build of Keycloak 26.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3926: Red Hat build of Keycloak 26.2.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3947: Red Hat build of Keycloak 26.4.10"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-23T17:29:50.192Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-05T11:24:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2.14-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2.14",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4.10",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-03-05T11:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-06T02:36:29.782Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:3925",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3925"
            },
            {
              "name": "RHSA-2026:3926",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3926"
            },
            {
              "name": "RHSA-2026:3947",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3947"
            },
            {
              "name": "RHSA-2026:3948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3948"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-3047"
            },
            {
              "name": "RHBZ#2441966",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-23T17:29:50.192Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-05T11:24:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-3047",
        "datePublished": "2026-03-05T18:28:36.337Z",
        "dateReserved": "2026-02-23T17:30:53.926Z",
        "dateUpdated": "2026-06-30T12:08:19.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12150 (GCVE-0-2025-12150)

    Vulnerability from nvd – Published: 2026-02-27 08:10 – Updated: 2026-03-06 18:46
    VLAI
    Title
    Org.keycloak/keycloak-services: webauthn attestation statement verification bypass
    Summary
    A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    Keycloak keycloak Affected: 0 , < 26.4.4 (semver)
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.11-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-12 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2.11     cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.4-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-3 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.4     cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Date Public
    2025-10-28 15:04
    Credits
    Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T16:45:45.376102Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T18:46:41.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "keycloak",
              "vendor": "Keycloak",
              "versions": [
                {
                  "lessThan": "26.4.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2.11-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat build of Keycloak 26.2.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4.4-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26.4.4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue."
            }
          ],
          "datePublic": "2025-10-28T15:04:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak\u2019s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T02:24:50.196Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21370",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21370"
            },
            {
              "name": "RHSA-2025:21371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21371"
            },
            {
              "name": "RHSA-2025:22088",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22088"
            },
            {
              "name": "RHSA-2025:22089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22089"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12150"
            },
            {
              "name": "RHBZ#2406192",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192"
            },
            {
              "url": "https://github.com/keycloak/keycloak/issues/43723"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-24T11:25:25.758Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-10-28T15:04:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak/keycloak-services: webauthn attestation statement verification bypass",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12150",
        "datePublished": "2026-02-27T08:10:15.448Z",
        "dateReserved": "2025-10-24T11:44:03.633Z",
        "dateUpdated": "2026-03-06T18:46:41.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0871 (GCVE-0-2026-0871)

    Vulnerability from nvd – Published: 2026-02-27 07:30 – Updated: 2026-03-06 18:50
    VLAI
    Title
    Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators
    Summary
    A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:2365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:2366 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-0871 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2428881 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.9-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-11 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-10 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.9     cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-01-13 08:08
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0871",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T16:51:23.992734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T18:50:44.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4.9-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4.9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-01-13T08:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the \"Only administrators can view\" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T07:30:26.766Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2365"
            },
            {
              "name": "RHSA-2026:2366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2366"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0871"
            },
            {
              "name": "RHBZ#2428881",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428881"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-13T08:32:26.428Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-13T08:08:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0871",
        "datePublished": "2026-02-27T07:30:26.766Z",
        "dateReserved": "2026-01-13T08:41:28.810Z",
        "dateUpdated": "2026-03-06T18:50:44.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8419 (GCVE-0-2025-8419)

    Vulnerability from nvd – Published: 2025-08-06 17:10 – Updated: 2026-01-08 02:59
    VLAI
    Title
    Org.keycloak/keycloak-services: keycloak smtp inject vulnerability
    Summary
    A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:15336 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15337 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15338 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-8419 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2385776 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Keycloak keycloak Affected: 0 , < 26.3.3 (semver)
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0     cpe:/a:redhat:build_keycloak:26.0
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0.15-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-18 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-19 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2     cpe:/a:redhat:build_keycloak:26.2
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.8-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-8 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Date Public
    2025-08-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T17:23:42.798821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T17:23:54.030Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "keycloak",
              "vendor": "Keycloak",
              "versions": [
                {
                  "lessThan": "26.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0.15-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2.8-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-8",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2025-08-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw\u0027s only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T02:59:54.153Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:15336",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15336"
            },
            {
              "name": "RHSA-2025:15337",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15337"
            },
            {
              "name": "RHSA-2025:15338",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15338"
            },
            {
              "name": "RHSA-2025:15339",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15339"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-8419"
            },
            {
              "name": "RHBZ#2385776",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-31T14:11:31.674Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-06T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak/keycloak-services: keycloak smtp inject vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-8419",
        "datePublished": "2025-08-06T17:10:02.560Z",
        "dateReserved": "2025-07-31T14:26:59.052Z",
        "dateUpdated": "2026-01-08T02:59:54.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7365 (GCVE-0-2025-7365)

    Vulnerability from nvd – Published: 2025-07-10 14:20 – Updated: 2026-05-06 16:48
    VLAI
    Title
    Keycloak: phishing attack via email verification step in first login flow
    Summary
    A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 26.0.13 (semver)
    Unknown: 26.1.0 , < 26.1.* (semver)
    Affected: 26.2.0 , < 26.2.6 (semver)
    Red Hat Red Hat build of Keycloak 26     cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26     cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0.13-2 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-17 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.6-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-6 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Date Public
    2025-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-10T20:16:26.504640Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-10T20:16:34.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak/",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "26.0.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.*",
                  "status": "unknown",
                  "version": "26.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.2.6",
                  "status": "affected",
                  "version": "26.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0.13-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0-17",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2.6-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-6",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2025-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim\u0027s account, triggering a verification email sent to the victim\u0027s email address. The attacker\u0027s email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim\u0027s account."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T16:48:53.236Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:11986",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11986"
            },
            {
              "name": "RHSA-2025:11987",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11987"
            },
            {
              "name": "RHSA-2025:12015",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12015"
            },
            {
              "name": "RHSA-2025:12016",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12016"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-7365"
            },
            {
              "name": "RHBZ#2378852",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852"
            },
            {
              "url": "https://github.com/keycloak/keycloak/issues/40446"
            },
            {
              "url": "https://github.com/keycloak/keycloak/pull/40520"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-08T18:35:00.135Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: phishing attack via email verification step in first login flow",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable account review in the Identity Provider to prevent users from potentially modifying identity information. Disable the email verification step and use only re-authentication step."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-346: Origin Validation Error"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-7365",
        "datePublished": "2025-07-10T14:20:45.775Z",
        "dateReserved": "2025-07-08T18:22:15.734Z",
        "dateUpdated": "2026-05-06T16:48:53.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5416 (GCVE-0-2025-5416)

    Vulnerability from nvd – Published: 2025-06-20 16:04 – Updated: 2025-11-21 07:36
    VLAI
    Title
    Keycloak-core: keycloak environment information
    Summary
    A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-5416 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2369601 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Date Public
    2025-06-19 03:46
    Credits
    Red Hat would like to thank Ibrahim Khorwat (Almadar Aljadid) and Murad Baggas (Almadar Aljadid) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5416",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-20T17:18:46.882463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T17:19:47.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Ibrahim Khorwat (Almadar Aljadid) and Murad Baggas (Almadar Aljadid) for reporting this issue."
            }
          ],
          "datePublic": "2025-06-19T03:46:39.314Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T07:36:39.759Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5416"
            },
            {
              "name": "RHBZ#2369601",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369601"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-31T22:27:15.422Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-19T03:46:39.314Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-core: keycloak environment information",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5416",
        "datePublished": "2025-06-20T16:04:05.694Z",
        "dateReserved": "2025-05-31T22:31:34.145Z",
        "dateUpdated": "2025-11-21T07:36:39.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6841 (GCVE-0-2023-6841)

    Vulnerability from nvd – Published: 2024-09-10 16:15 – Updated: 2025-11-08 07:10
    VLAI
    Title
    Keycloak: amount of attributes per object is not limited and it may lead to dos
    Summary
    A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-231 - Improper Handling of Extra Values
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-6841 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2254714 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 24.0.0 (semver)
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Mobile Application Platform 4     cpe:/a:redhat:mobile_application_platform:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Application Runtimes     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat support for Spring Boot     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Date Public
    2024-09-10 15:45
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T20:20:35.831984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T20:20:45.372Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "24.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mobile_application_platform:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Mobile Application Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat OpenShift Application Runtimes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat support for Spring Boot",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-10T15:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-231",
                  "description": "Improper Handling of Extra Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-08T07:10:39.283Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6841"
            },
            {
              "name": "RHBZ#2254714",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254714"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-15T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-10T15:45:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: amount of attributes per object is not limited and it may lead to dos",
          "workarounds": [
            {
              "lang": "en",
              "value": "This CVE is mitigated by the \u0027User Profile\u0027 functionality, which was introduced in Keycloak 24. This feature introduces additional validation which prevents this vulnerability from being exploited."
            }
          ],
          "x_redhatCweChain": "CWE-231: Improper Handling of Extra Values"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6841",
        "datePublished": "2024-09-10T16:15:32.639Z",
        "dateReserved": "2023-12-15T12:33:39.292Z",
        "dateUpdated": "2025-11-08T07:10:39.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7341 (GCVE-0-2024-7341)

    Vulnerability from nvd – Published: 2024-09-09 18:51 – Updated: 2026-04-01 13:28
    VLAI
    Title
    Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
    Summary
    A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:6493 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6494 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6495 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6497 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6499 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6500 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6501 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6503 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-7341 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2302064 issue-trackingx_refsource_REDHAT
    https://github.com/advisories/GHSA-j76j-rqwj-jmvv
    Impacted products
    Vendor Product Version
    Affected: 0 , < 22.0.12 (semver)
    Affected: 23.0.0 , < 24.0.7 (semver)
    Affected: 25.0.0 , < 25.0.5 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.12-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-17 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-20 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.7-4 , < * (rpm)
        cpe:/a:redhat:build_keycloak:24::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:24::el9
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-52 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Date Public
    2024-09-09 13:48
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7341",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T19:59:06.075961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T19:59:16.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak:keycloak-services",
              "versions": [
                {
                  "lessThan": "22.0.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.0.7",
                  "status": "affected",
                  "version": "23.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.0.5",
                  "status": "affected",
                  "version": "25.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.12-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-17",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-20",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24.0.7-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-52",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-09T13:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T13:28:23.282Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:6493",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6493"
            },
            {
              "name": "RHSA-2024:6494",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6494"
            },
            {
              "name": "RHSA-2024:6495",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6495"
            },
            {
              "name": "RHSA-2024:6497",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6497"
            },
            {
              "name": "RHSA-2024:6499",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6499"
            },
            {
              "name": "RHSA-2024:6500",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6500"
            },
            {
              "name": "RHSA-2024:6501",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6501"
            },
            {
              "name": "RHSA-2024:6502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6502"
            },
            {
              "name": "RHSA-2024:6503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6503"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7341"
            },
            {
              "name": "RHBZ#2302064",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064"
            },
            {
              "url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T15:02:21.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-09T13:48:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-384: Session Fixation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7341",
        "datePublished": "2024-09-09T18:51:13.537Z",
        "dateReserved": "2024-07-31T15:13:22.220Z",
        "dateUpdated": "2026-04-01T13:28:23.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7260 (GCVE-0-2024-7260)

    Vulnerability from nvd – Published: 2024-09-09 18:49 – Updated: 2026-01-23 17:00
    VLAI
    Title
    Keycloak-core: open redirect on account page
    Summary
    An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:6502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6503 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-7260 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2301875 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 24.0.7 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.7-4 , < * (rpm)
        cpe:/a:redhat:build_keycloak:24::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:24::el9
    Create a notification for this product.
    Date Public
    2024-09-09 13:55
    Credits
    This issue was discovered by Todd Cullum (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T19:13:21.486531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T19:13:53.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "24.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24.0.7-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24-16",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Todd Cullum (Red Hat)."
            }
          ],
          "datePublic": "2024-09-09T13:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-23T17:00:35.528Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:6502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6502"
            },
            {
              "name": "RHSA-2024:6503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6503"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7260"
            },
            {
              "name": "RHBZ#2301875",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T02:53:42.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-09T13:55:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-core: open redirect on account page",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7260",
        "datePublished": "2024-09-09T18:49:59.437Z",
        "dateReserved": "2024-07-30T02:24:02.197Z",
        "dateUpdated": "2026-01-23T17:00:35.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4629 (GCVE-0-2024-4629)

    Vulnerability from nvd – Published: 2024-09-03 19:42 – Updated: 2026-03-26 23:13
    VLAI
    Title
    Keycloak: potential bypass of brute force protection
    Summary
    A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-837 - Improper Enforcement of a Single, Unique Action
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 24.0.3
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.12-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-17 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-20 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-52 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Date Public
    2024-09-03 19:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4629",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T20:20:28.329028Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T20:20:42.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-11-14T16:59:26.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/"
              },
              {
                "url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-09-Keycloak.md"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "packageName": "keycloak",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.0.3"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak-keycloak-parent",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.12-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-17",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-20",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak-keycloak-parent",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-52",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak-keycloak-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-03T19:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-837",
                  "description": "Improper Enforcement of a Single, Unique Action",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T23:13:50.144Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:6493",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6493"
            },
            {
              "name": "RHSA-2024:6494",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6494"
            },
            {
              "name": "RHSA-2024:6495",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6495"
            },
            {
              "name": "RHSA-2024:6497",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6497"
            },
            {
              "name": "RHSA-2024:6499",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6499"
            },
            {
              "name": "RHSA-2024:6500",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6500"
            },
            {
              "name": "RHSA-2024:6501",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6501"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4629"
            },
            {
              "name": "RHBZ#2276761",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-23T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-03T19:38:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: potential bypass of brute force protection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-837: Improper Enforcement of a Single, Unique Action"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-4629",
        "datePublished": "2024-09-03T19:42:01.318Z",
        "dateReserved": "2024-05-07T20:47:03.184Z",
        "dateUpdated": "2026-03-26T23:13:50.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6787 (GCVE-0-2023-6787)

    Vulnerability from nvd – Published: 2024-04-25 16:02 – Updated: 2025-11-11 15:57
    VLAI
    Title
    Keycloak: session hijacking via re-authentication
    Summary
    A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 22.0.10 (semver)
    Affected: 0 , < 24.0.3 (semver)
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.10-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-13 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22.0.10     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2024-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T19:40:17.217959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:12.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:42:07.631Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:1867",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1867"
              },
              {
                "name": "RHSA-2024:1868",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1868"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
              },
              {
                "name": "RHBZ#2254375",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "22.0.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.0.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "product": "Red Hat build of Keycloak 22.0.10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter \"prompt=login,\" prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting \"Restart login,\" an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T15:57:32.291Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:1867",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1867"
            },
            {
              "name": "RHSA-2024:1868",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1868"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
            },
            {
              "name": "RHBZ#2254375",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
            },
            {
              "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-03T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-02-21T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: session hijacking via re-authentication",
          "x_redhatCweChain": "CWE-287: Improper Authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6787",
        "datePublished": "2024-04-25T16:02:32.916Z",
        "dateReserved": "2023-12-13T16:22:00.344Z",
        "dateUpdated": "2025-11-11T15:57:32.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1132 (GCVE-0-2024-1132)

    Vulnerability from nvd – Published: 2024-04-17 13:21 – Updated: 2026-05-16 23:26
    VLAI
    Title
    Keycloak: path transversal in redirection validation
    Summary
    A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:1860 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1861 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1864 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1867 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1868 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2945 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3752 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3762 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3919 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3989 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-1132 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2262117 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 21.1.0 , < 22.0.10 (semver)
    Affected: 23.0.0 , < 24.0.3 (semver)
    Red Hat Migration Toolkit for Runtimes 1 on RHEL 8 Unaffected: 1.2-23 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
    Create a notification for this product.
    Red Hat Migration Toolkit for Runtimes 1 on RHEL 8 Unaffected: 1.2-15 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
    Create a notification for this product.
    Red Hat Migration Toolkit for Runtimes 1 on RHEL 8 Unaffected: 1.2-16 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
    Create a notification for this product.
    Red Hat Migration Toolkit for Runtimes 1 on RHEL 8 Unaffected: 1.2-14 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
    Create a notification for this product.
    Red Hat MTA-6.2-RHEL-9 Unaffected: 6.2.3-2 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_applications:6.2::el8
        cpe:/a:redhat:migration_toolkit_applications:6.2::el9
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7.10
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7.11
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7.12
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.10-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-13 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22.0.10     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.13-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.13-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.13-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-46 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHSSO 7.6.8     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 6     cpe:/a:redhat:jboss_enterprise_application_platform:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Date Public
    2024-04-16 00:00
    Credits
    Red Hat would like to thank Axel Flamcourt for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1132",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T18:37:10.567431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:59:39.871Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:1860",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1860"
              },
              {
                "name": "RHSA-2024:1861",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1861"
              },
              {
                "name": "RHSA-2024:1862",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1862"
              },
              {
                "name": "RHSA-2024:1864",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1864"
              },
              {
                "name": "RHSA-2024:1866",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1866"
              },
              {
                "name": "RHSA-2024:1867",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1867"
              },
              {
                "name": "RHSA-2024:1868",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1868"
              },
              {
                "name": "RHSA-2024:2945",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2945"
              },
              {
                "name": "RHSA-2024:3752",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3752"
              },
              {
                "name": "RHSA-2024:3762",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3762"
              },
              {
                "name": "RHSA-2024:3919",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3919"
              },
              {
                "name": "RHSA-2024:3989",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3989"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
              },
              {
                "name": "RHBZ#2262117",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "22.0.10",
                  "status": "affected",
                  "version": "21.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.0.3",
                  "status": "affected",
                  "version": "23.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "mtr/mtr-operator-bundle",
              "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2-23",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "mtr/mtr-rhel8-operator",
              "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "mtr/mtr-web-container-rhel8",
              "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "mtr/mtr-web-executor-container-rhel8",
              "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_applications:6.2::el8",
                "cpe:/a:redhat:migration_toolkit_applications:6.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "mta/mta-windup-addon-rhel9",
              "product": "MTA-6.2-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "6.2.3-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7.10"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7.11"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7.12"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat build of Keycloak 22.0.10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.13-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.13-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.13-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-46",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "RHSSO 7.6.8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "affected",
              "packageName": "org.keycloak/keycloak-core",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "affected",
              "packageName": "org.keycloak/keycloak-core",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security-wildfly-elytron-parent",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "keycloak",
              "product": "Red Hat Decision Manager 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "keycloak",
              "product": "Red Hat JBoss Enterprise Application Platform 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Axel Flamcourt for reporting this issue."
            }
          ],
          "datePublic": "2024-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-16T23:26:21.991Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:1860",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1860"
            },
            {
              "name": "RHSA-2024:1861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1861"
            },
            {
              "name": "RHSA-2024:1862",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1862"
            },
            {
              "name": "RHSA-2024:1864",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1864"
            },
            {
              "name": "RHSA-2024:1866",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1866"
            },
            {
              "name": "RHSA-2024:1867",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1867"
            },
            {
              "name": "RHSA-2024:1868",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1868"
            },
            {
              "name": "RHSA-2024:2945",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2945"
            },
            {
              "name": "RHSA-2024:3752",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3752"
            },
            {
              "name": "RHSA-2024:3762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3762"
            },
            {
              "name": "RHSA-2024:3919",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3919"
            },
            {
              "name": "RHSA-2024:3989",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3989"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
            },
            {
              "name": "RHBZ#2262117",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-31T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-04-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: path transversal in redirection validation",
          "workarounds": [
            {
              "lang": "en",
              "value": "No current mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-1132",
        "datePublished": "2024-04-17T13:21:19.130Z",
        "dateReserved": "2024-01-31T17:07:33.455Z",
        "dateUpdated": "2026-05-16T23:26:21.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1722 (GCVE-0-2024-1722)

    Vulnerability from nvd – Published: 2024-02-27 17:39 – Updated: 2025-11-21 06:27
    VLAI
    Title
    Keycloak-core: dos via account lockout
    Summary
    A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-645 - Overly Restrictive Account Lockout Mechanism
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2024-1722 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2265389 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 4.15.0
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2024-02-21 00:00
    Credits
    Red Hat would like to thank Maor Abutbul (CyberArk) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T20:52:47.119910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:05.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:48:21.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-1722"
              },
              {
                "name": "RHBZ#2265389",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://bitbucket.org/b_c/jose4j/src/master/",
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.15.0"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-core",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Maor Abutbul (CyberArk) for reporting this issue."
            }
          ],
          "datePublic": "2024-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-645",
                  "description": "Overly Restrictive Account Lockout Mechanism",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T06:27:40.399Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-1722"
            },
            {
              "name": "RHBZ#2265389",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-02-21T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-core: dos via account lockout",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat Product Security is not aware of a way to completely mitigate this issue. However, the following techniques can be used to help prevent exploitation:\n- Put limits on frequency of account registration, restricting how often an attacker could utilize this attack \n- Restrict new account registration to not allow email addresses in the username field, for example, by not allowing the \"@\" symbol. Note: this cannot prevent attacks against existing users who have registered with an email address.\n\nIf this vulnerability has been triggered, an administrator has two options to remedy it manually by modifying the second account (of the attacker):\n- Delete the account\n- Change the username"
            }
          ],
          "x_redhatCweChain": "CWE-645: Overly Restrictive Account Lockout Mechanism"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-1722",
        "datePublished": "2024-02-27T17:39:13.261Z",
        "dateReserved": "2024-02-21T19:39:16.206Z",
        "dateUpdated": "2025-11-21T06:27:40.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6291 (GCVE-0-2023-6291)

    Vulnerability from nvd – Published: 2024-01-26 14:23 – Updated: 2025-11-11 16:12
    VLAI
    Title
    Keycloak: redirect_uri validation bypass
    Summary
    A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:7854 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7855 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7856 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7857 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7858 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7860 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7861 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0798 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0799 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0800 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0801 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0804 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6291 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2251407 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.7-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-6 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-9 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22.0.7     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.11-2.redhat_00003.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.12-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.11-2.redhat_00003.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.12-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.11-2.redhat_00003.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.12-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-38 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6.6-2 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-41 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Single Sign-On 7.6.6     cpe:/a:redhat:red_hat_single_sign_on:7.6.6
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 6     cpe:/a:redhat:migration_toolkit_applications:6
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 7     cpe:/a:redhat:migration_toolkit_applications:7
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 6     cpe:/a:redhat:jboss_enterprise_application_platform:6
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Date Public
    2023-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.867Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:7854",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7854"
              },
              {
                "name": "RHSA-2023:7855",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7855"
              },
              {
                "name": "RHSA-2023:7856",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7856"
              },
              {
                "name": "RHSA-2023:7857",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7857"
              },
              {
                "name": "RHSA-2023:7858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7858"
              },
              {
                "name": "RHSA-2023:7860",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7860"
              },
              {
                "name": "RHSA-2023:7861",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7861"
              },
              {
                "name": "RHSA-2024:0798",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0798"
              },
              {
                "name": "RHSA-2024:0799",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0799"
              },
              {
                "name": "RHSA-2024:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0800"
              },
              {
                "name": "RHSA-2024:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0801"
              },
              {
                "name": "RHSA-2024:0804",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0804"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6291"
              },
              {
                "name": "RHBZ#2251407",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6291",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T14:56:46.143772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T14:56:59.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.7-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat build of Keycloak 22.0.7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-2.redhat_00003.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-2.redhat_00003.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-2.redhat_00003.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-38",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso7-rhel8-operator-bundle",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-41",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Single Sign-On 7.6.6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_applications:6"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Migration Toolkit for Applications 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_applications:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Migration Toolkit for Applications 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Decision Manager 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat JBoss Enterprise Application Platform 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T16:12:14.005Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:7854",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7854"
            },
            {
              "name": "RHSA-2023:7855",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7855"
            },
            {
              "name": "RHSA-2023:7856",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7856"
            },
            {
              "name": "RHSA-2023:7857",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7857"
            },
            {
              "name": "RHSA-2023:7858",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7858"
            },
            {
              "name": "RHSA-2023:7860",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7860"
            },
            {
              "name": "RHSA-2023:7861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7861"
            },
            {
              "name": "RHSA-2024:0798",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0798"
            },
            {
              "name": "RHSA-2024:0799",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0799"
            },
            {
              "name": "RHSA-2024:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0800"
            },
            {
              "name": "RHSA-2024:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0801"
            },
            {
              "name": "RHSA-2024:0804",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0804"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6291"
            },
            {
              "name": "RHBZ#2251407",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-24T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: redirect_uri validation bypass",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6291",
        "datePublished": "2024-01-26T14:23:43.185Z",
        "dateReserved": "2023-11-24T18:16:45.923Z",
        "dateUpdated": "2025-11-11T16:12:14.005Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6927 (GCVE-0-2023-6927)

    Vulnerability from nvd – Published: 2023-12-18 22:59 – Updated: 2025-11-11 15:55
    VLAI
    Title
    Keycloak: open redirect via "form_post.jwt" jarm response mode
    Summary
    A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:0094 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0095 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0098 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0100 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0101 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0798 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0799 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0800 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0801 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0804 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6927 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2255027 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-7 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22.0.8     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.11-3.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.12-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.11-3.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.12-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.11-3.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.12-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-39 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-41 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Single Sign-On 7.6.6     cpe:/a:redhat:red_hat_single_sign_on:7.6.6
    Create a notification for this product.
    Date Public
    2023-12-18 00:00
    Credits
    Red Hat would like to thank Pontus Hanssen (Pontus.Hanssen@omegapoint.se) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:42:08.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0094"
              },
              {
                "name": "RHSA-2024:0095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0095"
              },
              {
                "name": "RHSA-2024:0096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0096"
              },
              {
                "name": "RHSA-2024:0097",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0097"
              },
              {
                "name": "RHSA-2024:0098",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0098"
              },
              {
                "name": "RHSA-2024:0100",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0100"
              },
              {
                "name": "RHSA-2024:0101",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0101"
              },
              {
                "name": "RHSA-2024:0798",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0798"
              },
              {
                "name": "RHSA-2024:0799",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0799"
              },
              {
                "name": "RHSA-2024:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0800"
              },
              {
                "name": "RHSA-2024:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0801"
              },
              {
                "name": "RHSA-2024:0804",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0804"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6927"
              },
              {
                "name": "RHBZ#2255027",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "product": "Red Hat build of Keycloak 22.0.8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-3.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-3.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-3.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-39",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-41",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Single Sign-On 7.6.6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Pontus Hanssen (Pontus.Hanssen@omegapoint.se) for reporting this issue."
            }
          ],
          "datePublic": "2023-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T15:55:11.670Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0094"
            },
            {
              "name": "RHSA-2024:0095",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0095"
            },
            {
              "name": "RHSA-2024:0096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0096"
            },
            {
              "name": "RHSA-2024:0097",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0097"
            },
            {
              "name": "RHSA-2024:0098",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0098"
            },
            {
              "name": "RHSA-2024:0100",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0100"
            },
            {
              "name": "RHSA-2024:0101",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0101"
            },
            {
              "name": "RHSA-2024:0798",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0798"
            },
            {
              "name": "RHSA-2024:0799",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0799"
            },
            {
              "name": "RHSA-2024:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0800"
            },
            {
              "name": "RHSA-2024:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0801"
            },
            {
              "name": "RHSA-2024:0804",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0804"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6927"
            },
            {
              "name": "RHBZ#2255027",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-18T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-18T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: open redirect via \"form_post.jwt\" jarm response mode",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6927",
        "datePublished": "2023-12-18T22:59:07.495Z",
        "dateReserved": "2023-12-18T15:44:40.245Z",
        "dateUpdated": "2025-11-11T15:55:11.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3047 (GCVE-0-2026-3047)

    Vulnerability from cvelistv5 – Published: 2026-03-05 18:28 – Updated: 2026-06-30 12:08
    VLAI
    Title
    Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login
    Summary
    A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:3925 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3947 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3948 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-3047 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2441966 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.14-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2.14     cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.10-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.10     cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2     cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4     cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Date Public
    2026-03-05 11:24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T18:13:06.967396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T18:13:14.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.2.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:26.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Keycloak 26.4.10",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-05T11:24:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-305",
                    "description": "Authentication Bypass by Primary Weakness",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:19.870Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-3047"
              },
              {
                "name": "RHBZ#2441966",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3047.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3925"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3948"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3947"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:3925: Red Hat build of Keycloak 26.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3948: Red Hat build of Keycloak 26.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3926: Red Hat build of Keycloak 26.2.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3947: Red Hat build of Keycloak 26.4.10"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-23T17:29:50.192Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-05T11:24:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2.14-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2.14",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4.10",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-03-05T11:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-06T02:36:29.782Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:3925",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3925"
            },
            {
              "name": "RHSA-2026:3926",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3926"
            },
            {
              "name": "RHSA-2026:3947",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3947"
            },
            {
              "name": "RHSA-2026:3948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3948"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-3047"
            },
            {
              "name": "RHBZ#2441966",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-23T17:29:50.192Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-05T11:24:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-3047",
        "datePublished": "2026-03-05T18:28:36.337Z",
        "dateReserved": "2026-02-23T17:30:53.926Z",
        "dateUpdated": "2026-06-30T12:08:19.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12150 (GCVE-0-2025-12150)

    Vulnerability from cvelistv5 – Published: 2026-02-27 08:10 – Updated: 2026-03-06 18:46
    VLAI
    Title
    Org.keycloak/keycloak-services: webauthn attestation statement verification bypass
    Summary
    A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    Keycloak keycloak Affected: 0 , < 26.4.4 (semver)
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.11-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-12 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2.11     cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.4-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-3 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.4     cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Date Public
    2025-10-28 15:04
    Credits
    Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T16:45:45.376102Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T18:46:41.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "keycloak",
              "vendor": "Keycloak",
              "versions": [
                {
                  "lessThan": "26.4.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2.11-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-12",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat build of Keycloak 26.2.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4.4-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26.4.4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue."
            }
          ],
          "datePublic": "2025-10-28T15:04:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak\u2019s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T02:24:50.196Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:21370",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21370"
            },
            {
              "name": "RHSA-2025:21371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21371"
            },
            {
              "name": "RHSA-2025:22088",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22088"
            },
            {
              "name": "RHSA-2025:22089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:22089"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12150"
            },
            {
              "name": "RHBZ#2406192",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192"
            },
            {
              "url": "https://github.com/keycloak/keycloak/issues/43723"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-24T11:25:25.758Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-10-28T15:04:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak/keycloak-services: webauthn attestation statement verification bypass",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12150",
        "datePublished": "2026-02-27T08:10:15.448Z",
        "dateReserved": "2025-10-24T11:44:03.633Z",
        "dateUpdated": "2026-03-06T18:46:41.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0871 (GCVE-0-2026-0871)

    Vulnerability from cvelistv5 – Published: 2026-02-27 07:30 – Updated: 2026-03-06 18:50
    VLAI
    Title
    Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators
    Summary
    A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:2365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:2366 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-0871 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2428881 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.9-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-11 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-10 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.9     cpe:/a:redhat:build_keycloak:26.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-01-13 08:08
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0871",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T16:51:23.992734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T18:50:44.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4.9-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-11",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.4-10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.4::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.4.9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-01-13T08:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the \"Only administrators can view\" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T07:30:26.766Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2365"
            },
            {
              "name": "RHSA-2026:2366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2366"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0871"
            },
            {
              "name": "RHBZ#2428881",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428881"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-13T08:32:26.428Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-13T08:08:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0871",
        "datePublished": "2026-02-27T07:30:26.766Z",
        "dateReserved": "2026-01-13T08:41:28.810Z",
        "dateUpdated": "2026-03-06T18:50:44.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8419 (GCVE-0-2025-8419)

    Vulnerability from cvelistv5 – Published: 2025-08-06 17:10 – Updated: 2026-01-08 02:59
    VLAI
    Title
    Org.keycloak/keycloak-services: keycloak smtp inject vulnerability
    Summary
    A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:15336 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15337 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15338 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:15339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-8419 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2385776 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Keycloak keycloak Affected: 0 , < 26.3.3 (semver)
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0     cpe:/a:redhat:build_keycloak:26.0
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0.15-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-18 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-19 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2     cpe:/a:redhat:build_keycloak:26.2
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.8-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-8 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Date Public
    2025-08-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T17:23:42.798821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T17:23:54.030Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "keycloak",
              "vendor": "Keycloak",
              "versions": [
                {
                  "lessThan": "26.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0.15-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0-18",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0-19",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2.8-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-8",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2025-08-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw\u0027s only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T02:59:54.153Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:15336",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15336"
            },
            {
              "name": "RHSA-2025:15337",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15337"
            },
            {
              "name": "RHSA-2025:15338",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15338"
            },
            {
              "name": "RHSA-2025:15339",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:15339"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-8419"
            },
            {
              "name": "RHBZ#2385776",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-31T14:11:31.674Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-06T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak/keycloak-services: keycloak smtp inject vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-8419",
        "datePublished": "2025-08-06T17:10:02.560Z",
        "dateReserved": "2025-07-31T14:26:59.052Z",
        "dateUpdated": "2026-01-08T02:59:54.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7365 (GCVE-0-2025-7365)

    Vulnerability from cvelistv5 – Published: 2025-07-10 14:20 – Updated: 2026-05-06 16:48
    VLAI
    Title
    Keycloak: phishing attack via email verification step in first login flow
    Summary
    A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 26.0.13 (semver)
    Unknown: 26.1.0 , < 26.1.* (semver)
    Affected: 26.2.0 , < 26.2.6 (semver)
    Red Hat Red Hat build of Keycloak 26     cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26     cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0.13-2 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-17 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.0::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.6-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-6 , < * (rpm)
        cpe:/a:redhat:build_keycloak:26.2::el9
    Create a notification for this product.
    Date Public
    2025-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-10T20:16:26.504640Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-10T20:16:34.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak/",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "26.0.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.*",
                  "status": "unknown",
                  "version": "26.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.2.6",
                  "status": "affected",
                  "version": "26.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat build of Keycloak 26",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0.13-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.0-17",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2.6-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:26.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 26.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "26.2-6",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2025-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim\u0027s account, triggering a verification email sent to the victim\u0027s email address. The attacker\u0027s email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim\u0027s account."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T16:48:53.236Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:11986",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11986"
            },
            {
              "name": "RHSA-2025:11987",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:11987"
            },
            {
              "name": "RHSA-2025:12015",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12015"
            },
            {
              "name": "RHSA-2025:12016",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:12016"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-7365"
            },
            {
              "name": "RHBZ#2378852",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852"
            },
            {
              "url": "https://github.com/keycloak/keycloak/issues/40446"
            },
            {
              "url": "https://github.com/keycloak/keycloak/pull/40520"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-08T18:35:00.135Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: phishing attack via email verification step in first login flow",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable account review in the Identity Provider to prevent users from potentially modifying identity information. Disable the email verification step and use only re-authentication step."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-346: Origin Validation Error"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-7365",
        "datePublished": "2025-07-10T14:20:45.775Z",
        "dateReserved": "2025-07-08T18:22:15.734Z",
        "dateUpdated": "2026-05-06T16:48:53.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5416 (GCVE-0-2025-5416)

    Vulnerability from cvelistv5 – Published: 2025-06-20 16:04 – Updated: 2025-11-21 07:36
    VLAI
    Title
    Keycloak-core: keycloak environment information
    Summary
    A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-5416 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2369601 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Date Public
    2025-06-19 03:46
    Credits
    Red Hat would like to thank Ibrahim Khorwat (Almadar Aljadid) and Murad Baggas (Almadar Aljadid) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5416",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-20T17:18:46.882463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T17:19:47.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Ibrahim Khorwat (Almadar Aljadid) and Murad Baggas (Almadar Aljadid) for reporting this issue."
            }
          ],
          "datePublic": "2025-06-19T03:46:39.314Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T07:36:39.759Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5416"
            },
            {
              "name": "RHBZ#2369601",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369601"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-31T22:27:15.422Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-19T03:46:39.314Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-core: keycloak environment information",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5416",
        "datePublished": "2025-06-20T16:04:05.694Z",
        "dateReserved": "2025-05-31T22:31:34.145Z",
        "dateUpdated": "2025-11-21T07:36:39.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6841 (GCVE-0-2023-6841)

    Vulnerability from cvelistv5 – Published: 2024-09-10 16:15 – Updated: 2025-11-08 07:10
    VLAI
    Title
    Keycloak: amount of attributes per object is not limited and it may lead to dos
    Summary
    A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-231 - Improper Handling of Extra Values
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-6841 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2254714 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 24.0.0 (semver)
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Mobile Application Platform 4     cpe:/a:redhat:mobile_application_platform:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Application Runtimes     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat support for Spring Boot     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Date Public
    2024-09-10 15:45
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T20:20:35.831984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T20:20:45.372Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "24.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:mobile_application_platform:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Mobile Application Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat OpenShift Application Runtimes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat support for Spring Boot",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-10T15:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-231",
                  "description": "Improper Handling of Extra Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-08T07:10:39.283Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6841"
            },
            {
              "name": "RHBZ#2254714",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254714"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-15T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-10T15:45:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: amount of attributes per object is not limited and it may lead to dos",
          "workarounds": [
            {
              "lang": "en",
              "value": "This CVE is mitigated by the \u0027User Profile\u0027 functionality, which was introduced in Keycloak 24. This feature introduces additional validation which prevents this vulnerability from being exploited."
            }
          ],
          "x_redhatCweChain": "CWE-231: Improper Handling of Extra Values"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6841",
        "datePublished": "2024-09-10T16:15:32.639Z",
        "dateReserved": "2023-12-15T12:33:39.292Z",
        "dateUpdated": "2025-11-08T07:10:39.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7341 (GCVE-0-2024-7341)

    Vulnerability from cvelistv5 – Published: 2024-09-09 18:51 – Updated: 2026-04-01 13:28
    VLAI
    Title
    Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
    Summary
    A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:6493 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6494 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6495 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6497 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6499 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6500 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6501 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6503 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-7341 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2302064 issue-trackingx_refsource_REDHAT
    https://github.com/advisories/GHSA-j76j-rqwj-jmvv
    Impacted products
    Vendor Product Version
    Affected: 0 , < 22.0.12 (semver)
    Affected: 23.0.0 , < 24.0.7 (semver)
    Affected: 25.0.0 , < 25.0.5 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.12-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-17 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-20 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.7-4 , < * (rpm)
        cpe:/a:redhat:build_keycloak:24::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:24::el9
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-52 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Date Public
    2024-09-09 13:48
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7341",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T19:59:06.075961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T19:59:16.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak:keycloak-services",
              "versions": [
                {
                  "lessThan": "22.0.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.0.7",
                  "status": "affected",
                  "version": "23.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.0.5",
                  "status": "affected",
                  "version": "25.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.12-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-17",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-20",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24.0.7-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-52",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.keycloak/keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-09T13:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T13:28:23.282Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:6493",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6493"
            },
            {
              "name": "RHSA-2024:6494",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6494"
            },
            {
              "name": "RHSA-2024:6495",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6495"
            },
            {
              "name": "RHSA-2024:6497",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6497"
            },
            {
              "name": "RHSA-2024:6499",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6499"
            },
            {
              "name": "RHSA-2024:6500",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6500"
            },
            {
              "name": "RHSA-2024:6501",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6501"
            },
            {
              "name": "RHSA-2024:6502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6502"
            },
            {
              "name": "RHSA-2024:6503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6503"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7341"
            },
            {
              "name": "RHBZ#2302064",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064"
            },
            {
              "url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T15:02:21.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-09T13:48:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-384: Session Fixation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7341",
        "datePublished": "2024-09-09T18:51:13.537Z",
        "dateReserved": "2024-07-31T15:13:22.220Z",
        "dateUpdated": "2026-04-01T13:28:23.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7260 (GCVE-0-2024-7260)

    Vulnerability from cvelistv5 – Published: 2024-09-09 18:49 – Updated: 2026-01-23 17:00
    VLAI
    Title
    Keycloak-core: open redirect on account page
    Summary
    An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:6502 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6503 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-7260 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2301875 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 24.0.7 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.7-4 , < * (rpm)
        cpe:/a:redhat:build_keycloak:24::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:24::el9
    Create a notification for this product.
    Date Public
    2024-09-09 13:55
    Credits
    This issue was discovered by Todd Cullum (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T19:13:21.486531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T19:13:53.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "24.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24.0.7-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:24::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 24",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "24-16",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Todd Cullum (Red Hat)."
            }
          ],
          "datePublic": "2024-09-09T13:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-23T17:00:35.528Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:6502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6502"
            },
            {
              "name": "RHSA-2024:6503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6503"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7260"
            },
            {
              "name": "RHBZ#2301875",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T02:53:42.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-09T13:55:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-core: open redirect on account page",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7260",
        "datePublished": "2024-09-09T18:49:59.437Z",
        "dateReserved": "2024-07-30T02:24:02.197Z",
        "dateUpdated": "2026-01-23T17:00:35.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4629 (GCVE-0-2024-4629)

    Vulnerability from cvelistv5 – Published: 2024-09-03 19:42 – Updated: 2026-03-26 23:13
    VLAI
    Title
    Keycloak: potential bypass of brute force protection
    Summary
    A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-837 - Improper Enforcement of a Single, Unique Action
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 24.0.3
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.12-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-17 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-20 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-52 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Date Public
    2024-09-03 19:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4629",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T20:20:28.329028Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T20:20:42.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-11-14T16:59:26.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/"
              },
              {
                "url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-09-Keycloak.md"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "packageName": "keycloak",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.0.3"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak-keycloak-parent",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.12-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-17",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-20",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak-keycloak-parent",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.16-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-52",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.keycloak-keycloak-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-03T19:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-837",
                  "description": "Improper Enforcement of a Single, Unique Action",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T23:13:50.144Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:6493",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6493"
            },
            {
              "name": "RHSA-2024:6494",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6494"
            },
            {
              "name": "RHSA-2024:6495",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6495"
            },
            {
              "name": "RHSA-2024:6497",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6497"
            },
            {
              "name": "RHSA-2024:6499",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6499"
            },
            {
              "name": "RHSA-2024:6500",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6500"
            },
            {
              "name": "RHSA-2024:6501",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6501"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4629"
            },
            {
              "name": "RHBZ#2276761",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-23T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-03T19:38:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: potential bypass of brute force protection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-837: Improper Enforcement of a Single, Unique Action"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-4629",
        "datePublished": "2024-09-03T19:42:01.318Z",
        "dateReserved": "2024-05-07T20:47:03.184Z",
        "dateUpdated": "2026-03-26T23:13:50.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6787 (GCVE-0-2023-6787)

    Vulnerability from cvelistv5 – Published: 2024-04-25 16:02 – Updated: 2025-11-11 15:57
    VLAI
    Title
    Keycloak: session hijacking via re-authentication
    Summary
    A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 22.0.10 (semver)
    Affected: 0 , < 24.0.3 (semver)
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.10-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-13 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22.0.10     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2024-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T19:40:17.217959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:12.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:42:07.631Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:1867",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1867"
              },
              {
                "name": "RHSA-2024:1868",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1868"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
              },
              {
                "name": "RHBZ#2254375",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "22.0.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.0.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "product": "Red Hat build of Keycloak 22.0.10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter \"prompt=login,\" prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting \"Restart login,\" an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T15:57:32.291Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:1867",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1867"
            },
            {
              "name": "RHSA-2024:1868",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1868"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
            },
            {
              "name": "RHBZ#2254375",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
            },
            {
              "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-03T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-02-21T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: session hijacking via re-authentication",
          "x_redhatCweChain": "CWE-287: Improper Authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6787",
        "datePublished": "2024-04-25T16:02:32.916Z",
        "dateReserved": "2023-12-13T16:22:00.344Z",
        "dateUpdated": "2025-11-11T15:57:32.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1132 (GCVE-0-2024-1132)

    Vulnerability from cvelistv5 – Published: 2024-04-17 13:21 – Updated: 2026-05-16 23:26
    VLAI
    Title
    Keycloak: path transversal in redirection validation
    Summary
    A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:1860 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1861 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1864 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1867 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:1868 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:2945 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3752 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3762 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3919 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3989 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-1132 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2262117 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 21.1.0 , < 22.0.10 (semver)
    Affected: 23.0.0 , < 24.0.3 (semver)
    Red Hat Migration Toolkit for Runtimes 1 on RHEL 8 Unaffected: 1.2-23 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
    Create a notification for this product.
    Red Hat Migration Toolkit for Runtimes 1 on RHEL 8 Unaffected: 1.2-15 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
    Create a notification for this product.
    Red Hat Migration Toolkit for Runtimes 1 on RHEL 8 Unaffected: 1.2-16 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
    Create a notification for this product.
    Red Hat Migration Toolkit for Runtimes 1 on RHEL 8 Unaffected: 1.2-14 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
    Create a notification for this product.
    Red Hat MTA-6.2-RHEL-9 Unaffected: 6.2.3-2 , < * (rpm)
        cpe:/a:redhat:migration_toolkit_applications:6.2::el8
        cpe:/a:redhat:migration_toolkit_applications:6.2::el9
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7.10
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7.11
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7.12
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.10-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-13 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-16 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22.0.10     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.13-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.13-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.13-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-46 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHSSO 7.6.8     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 6     cpe:/a:redhat:jboss_enterprise_application_platform:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Date Public
    2024-04-16 00:00
    Credits
    Red Hat would like to thank Axel Flamcourt for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1132",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T18:37:10.567431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:59:39.871Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:1860",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1860"
              },
              {
                "name": "RHSA-2024:1861",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1861"
              },
              {
                "name": "RHSA-2024:1862",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1862"
              },
              {
                "name": "RHSA-2024:1864",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1864"
              },
              {
                "name": "RHSA-2024:1866",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1866"
              },
              {
                "name": "RHSA-2024:1867",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1867"
              },
              {
                "name": "RHSA-2024:1868",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:1868"
              },
              {
                "name": "RHSA-2024:2945",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2945"
              },
              {
                "name": "RHSA-2024:3752",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3752"
              },
              {
                "name": "RHSA-2024:3762",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3762"
              },
              {
                "name": "RHSA-2024:3919",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3919"
              },
              {
                "name": "RHSA-2024:3989",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3989"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
              },
              {
                "name": "RHBZ#2262117",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/keycloak/keycloak",
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "versions": [
                {
                  "lessThan": "22.0.10",
                  "status": "affected",
                  "version": "21.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.0.3",
                  "status": "affected",
                  "version": "23.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "mtr/mtr-operator-bundle",
              "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2-23",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "mtr/mtr-rhel8-operator",
              "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2-15",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "mtr/mtr-web-container-rhel8",
              "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "mtr/mtr-web-executor-container-rhel8",
              "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2-14",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_applications:6.2::el8",
                "cpe:/a:redhat:migration_toolkit_applications:6.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "mta/mta-windup-addon-rhel9",
              "product": "MTA-6.2-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "6.2.3-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7.10"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7.11"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7.12"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.10-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-13",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-16",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat build of Keycloak 22.0.10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.13-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.13-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.13-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-46",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "RHSSO 7.6.8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "affected",
              "packageName": "org.keycloak/keycloak-core",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "affected",
              "packageName": "org.keycloak/keycloak-core",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security-wildfly-elytron-parent",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "keycloak",
              "product": "Red Hat Decision Manager 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "keycloak",
              "product": "Red Hat JBoss Enterprise Application Platform 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Axel Flamcourt for reporting this issue."
            }
          ],
          "datePublic": "2024-04-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-16T23:26:21.991Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:1860",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1860"
            },
            {
              "name": "RHSA-2024:1861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1861"
            },
            {
              "name": "RHSA-2024:1862",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1862"
            },
            {
              "name": "RHSA-2024:1864",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1864"
            },
            {
              "name": "RHSA-2024:1866",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1866"
            },
            {
              "name": "RHSA-2024:1867",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1867"
            },
            {
              "name": "RHSA-2024:1868",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:1868"
            },
            {
              "name": "RHSA-2024:2945",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2945"
            },
            {
              "name": "RHSA-2024:3752",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3752"
            },
            {
              "name": "RHSA-2024:3762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3762"
            },
            {
              "name": "RHSA-2024:3919",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3919"
            },
            {
              "name": "RHSA-2024:3989",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3989"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
            },
            {
              "name": "RHBZ#2262117",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-31T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-04-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: path transversal in redirection validation",
          "workarounds": [
            {
              "lang": "en",
              "value": "No current mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-1132",
        "datePublished": "2024-04-17T13:21:19.130Z",
        "dateReserved": "2024-01-31T17:07:33.455Z",
        "dateUpdated": "2026-05-16T23:26:21.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1722 (GCVE-0-2024-1722)

    Vulnerability from cvelistv5 – Published: 2024-02-27 17:39 – Updated: 2025-11-21 06:27
    VLAI
    Title
    Keycloak-core: dos via account lockout
    Summary
    A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-645 - Overly Restrictive Account Lockout Mechanism
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2024-1722 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2265389 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 4.15.0
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2024-02-21 00:00
    Credits
    Red Hat would like to thank Maor Abutbul (CyberArk) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T20:52:47.119910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:05.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:48:21.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-1722"
              },
              {
                "name": "RHBZ#2265389",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://bitbucket.org/b_c/jose4j/src/master/",
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.15.0"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-core",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Maor Abutbul (CyberArk) for reporting this issue."
            }
          ],
          "datePublic": "2024-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-645",
                  "description": "Overly Restrictive Account Lockout Mechanism",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T06:27:40.399Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-1722"
            },
            {
              "name": "RHBZ#2265389",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-02-21T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-core: dos via account lockout",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat Product Security is not aware of a way to completely mitigate this issue. However, the following techniques can be used to help prevent exploitation:\n- Put limits on frequency of account registration, restricting how often an attacker could utilize this attack \n- Restrict new account registration to not allow email addresses in the username field, for example, by not allowing the \"@\" symbol. Note: this cannot prevent attacks against existing users who have registered with an email address.\n\nIf this vulnerability has been triggered, an administrator has two options to remedy it manually by modifying the second account (of the attacker):\n- Delete the account\n- Change the username"
            }
          ],
          "x_redhatCweChain": "CWE-645: Overly Restrictive Account Lockout Mechanism"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-1722",
        "datePublished": "2024-02-27T17:39:13.261Z",
        "dateReserved": "2024-02-21T19:39:16.206Z",
        "dateUpdated": "2025-11-21T06:27:40.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6291 (GCVE-0-2023-6291)

    Vulnerability from cvelistv5 – Published: 2024-01-26 14:23 – Updated: 2025-11-11 16:12
    VLAI
    Title
    Keycloak: redirect_uri validation bypass
    Summary
    A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:7854 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7855 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7856 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7857 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7858 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7860 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:7861 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0798 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0799 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0800 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0801 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0804 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6291 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2251407 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.7-1 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-6 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-9 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22.0.7     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.11-2.redhat_00003.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.12-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.11-2.redhat_00003.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.12-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.11-2.redhat_00003.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.12-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-38 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6.6-2 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-41 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Single Sign-On 7.6.6     cpe:/a:redhat:red_hat_single_sign_on:7.6.6
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 6     cpe:/a:redhat:migration_toolkit_applications:6
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 7     cpe:/a:redhat:migration_toolkit_applications:7
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 6     cpe:/a:redhat:jboss_enterprise_application_platform:6
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Date Public
    2023-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.867Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:7854",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7854"
              },
              {
                "name": "RHSA-2023:7855",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7855"
              },
              {
                "name": "RHSA-2023:7856",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7856"
              },
              {
                "name": "RHSA-2023:7857",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7857"
              },
              {
                "name": "RHSA-2023:7858",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7858"
              },
              {
                "name": "RHSA-2023:7860",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7860"
              },
              {
                "name": "RHSA-2023:7861",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:7861"
              },
              {
                "name": "RHSA-2024:0798",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0798"
              },
              {
                "name": "RHSA-2024:0799",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0799"
              },
              {
                "name": "RHSA-2024:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0800"
              },
              {
                "name": "RHSA-2024:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0801"
              },
              {
                "name": "RHSA-2024:0804",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0804"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6291"
              },
              {
                "name": "RHBZ#2251407",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6291",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T14:56:46.143772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T14:56:59.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-operator-bundle",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22.0.7-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-6",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9-operator",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat build of Keycloak 22.0.7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-2.redhat_00003.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-2.redhat_00003.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-2.redhat_00003.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-38",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso7-rhel8-operator-bundle",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-41",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Single Sign-On 7.6.6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_applications:6"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak",
              "product": "Migration Toolkit for Applications 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_applications:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Migration Toolkit for Applications 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Decision Manager 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat JBoss Enterprise Application Platform 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T16:12:14.005Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:7854",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7854"
            },
            {
              "name": "RHSA-2023:7855",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7855"
            },
            {
              "name": "RHSA-2023:7856",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7856"
            },
            {
              "name": "RHSA-2023:7857",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7857"
            },
            {
              "name": "RHSA-2023:7858",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7858"
            },
            {
              "name": "RHSA-2023:7860",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7860"
            },
            {
              "name": "RHSA-2023:7861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:7861"
            },
            {
              "name": "RHSA-2024:0798",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0798"
            },
            {
              "name": "RHSA-2024:0799",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0799"
            },
            {
              "name": "RHSA-2024:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0800"
            },
            {
              "name": "RHSA-2024:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0801"
            },
            {
              "name": "RHSA-2024:0804",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0804"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6291"
            },
            {
              "name": "RHBZ#2251407",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-11-24T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-14T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: redirect_uri validation bypass",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6291",
        "datePublished": "2024-01-26T14:23:43.185Z",
        "dateReserved": "2023-11-24T18:16:45.923Z",
        "dateUpdated": "2025-11-11T16:12:14.005Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6927 (GCVE-0-2023-6927)

    Vulnerability from cvelistv5 – Published: 2023-12-18 22:59 – Updated: 2025-11-11 15:55
    VLAI
    Title
    Keycloak: open redirect via "form_post.jwt" jarm response mode
    Summary
    A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:0094 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0095 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0098 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0100 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0101 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0798 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0799 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0800 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0801 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:0804 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6927 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2255027 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-7 , < * (rpm)
        cpe:/a:redhat:build_keycloak:22::el9
    Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22.0.8     cpe:/a:redhat:build_keycloak:22
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.11-3.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.12-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.11-3.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.12-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.11-3.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.12-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-39 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-41 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Single Sign-On 7.6.6     cpe:/a:redhat:red_hat_single_sign_on:7.6.6
    Create a notification for this product.
    Date Public
    2023-12-18 00:00
    Credits
    Red Hat would like to thank Pontus Hanssen (Pontus.Hanssen@omegapoint.se) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:42:08.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:0094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0094"
              },
              {
                "name": "RHSA-2024:0095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0095"
              },
              {
                "name": "RHSA-2024:0096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0096"
              },
              {
                "name": "RHSA-2024:0097",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0097"
              },
              {
                "name": "RHSA-2024:0098",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0098"
              },
              {
                "name": "RHSA-2024:0100",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0100"
              },
              {
                "name": "RHSA-2024:0101",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0101"
              },
              {
                "name": "RHSA-2024:0798",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0798"
              },
              {
                "name": "RHSA-2024:0799",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0799"
              },
              {
                "name": "RHSA-2024:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0800"
              },
              {
                "name": "RHSA-2024:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0801"
              },
              {
                "name": "RHSA-2024:0804",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:0804"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6927"
              },
              {
                "name": "RHBZ#2255027",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat build of Keycloak 22",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "22-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:22"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-core",
              "product": "Red Hat build of Keycloak 22.0.8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-3.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-3.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.11-3.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.12-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-39",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-41",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6.6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rh-sso7-keycloak",
              "product": "Single Sign-On 7.6.6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Pontus Hanssen (Pontus.Hanssen@omegapoint.se) for reporting this issue."
            }
          ],
          "datePublic": "2023-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T15:55:11.670Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:0094",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0094"
            },
            {
              "name": "RHSA-2024:0095",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0095"
            },
            {
              "name": "RHSA-2024:0096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0096"
            },
            {
              "name": "RHSA-2024:0097",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0097"
            },
            {
              "name": "RHSA-2024:0098",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0098"
            },
            {
              "name": "RHSA-2024:0100",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0100"
            },
            {
              "name": "RHSA-2024:0101",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0101"
            },
            {
              "name": "RHSA-2024:0798",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0798"
            },
            {
              "name": "RHSA-2024:0799",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0799"
            },
            {
              "name": "RHSA-2024:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0800"
            },
            {
              "name": "RHSA-2024:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0801"
            },
            {
              "name": "RHSA-2024:0804",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:0804"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6927"
            },
            {
              "name": "RHBZ#2255027",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-18T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-12-18T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: open redirect via \"form_post.jwt\" jarm response mode",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6927",
        "datePublished": "2023-12-18T22:59:07.495Z",
        "dateReserved": "2023-12-18T15:44:40.245Z",
        "dateUpdated": "2025-11-11T15:55:11.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }