CVE-2024-1132

moderate-risk

Published 2024-04-17

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.

Do I need to act?

0.33% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (15)

Build Of Keycloak

Jboss Middleware Text-Only Advisories

Keycloak

Migration Toolkit For Applications

Migration Toolkit For Runtimes

Openshift Container Platform

Openshift Container Platform For Ibm Z

Openshift Container Platform For Linuxone

Openshift Container Platform For Power

Single Sign-On

Affected Vendors

Redhat

References (28)

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1860

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1861

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1862

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1864

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1866

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1867

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1868

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:2945

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:3752

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:3762

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:3919

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:3989

Vendor Advisory https://access.redhat.com/security/cve/CVE-2024-1132

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2262117

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1860

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1861

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1862

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1864

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1866

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:1867

and 8 more references

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate