DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-8883

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-8883

CGA ID

CGA-5755-9qm9-xvmg

Severity

6.8

Medium

CVSS V3

Summary

Duplicate Advisory: Keycloak Open Redirect vulnerability

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-w8gr-xwp4-r9f7. This link is maintained to preserve external references.

Original Description

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images