CGA-wq9p-47vf-vg24

Published

Last updated

https://images.chainguard.dev/security/CGA-wq9p-47vf-vg24
Package

keycloak-fips

Latest Update
Fixed
Fixed Version

24.0.3-r0

Aliases
  • CVE-2024-1132
  • GHSA-72vp-xfrc-42xm

Severity

8.1

High

CVSS V3

Summary

Keycloak path traversal vulnerability in redirection validation

Description

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

Acknowledgements:

Special thanks to Axel Flamcourt for reporting this issue and helping us improve our project.

References

Updates
