CVE-2023-6291

URL Redirection to Untrusted Site ('Open Redirect') in maven/org.keycloak/keycloak-saml-core-public

Identifiers

CVE-2023-6291

Package Slug

maven/org.keycloak/keycloak-saml-core-public

Vulnerability

URL Redirection to Untrusted Site ('Open Redirect')

Description

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow the check against explicitly allowed hosts to be bypassed. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
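The advisory does not detail how the validation is bypassed, so the following does not reproduce the Keycloak defect. It is an added Python illustration, not Keycloak's code, of the defensive property a redirect_uri check needs to hold: the supplied URI must match a registered URI component by component (scheme, host, port, path, query), rather than passing a host-substring or prefix test. The allowlist and sample URIs are constructed for the example; `host_substring_check` is shown only as the weak pattern to avoid.

```python
"""Strict redirect_uri validation (added illustration, not Keycloak code)."""
from urllib.parse import urlsplit

# Constructed allowlist: the redirect URIs a hypothetical client registered.
REGISTERED_REDIRECT_URIS = frozenset({
    "https://app.example.com/callback",
    "http://127.0.0.1:8080/cb",
})


def _parts(uri):
    """Return normalised (scheme, host, port, path, query) or None if unsafe."""
    try:
        s = urlsplit(uri)
        port = s.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if s.scheme not in ("http", "https") or not s.hostname:
        return None
    if s.username is not None or s.password is not None:
        return None  # refuse userinfo; it invites host-confusion parsing
    if s.fragment:
        return None  # fragments are never part of a registered URI
    if port is None:
        port = 443 if s.scheme == "https" else 80
    # urlsplit already lower-cases the scheme; hostname is lower-cased too.
    return (s.scheme, s.hostname.lower(), port, s.path or "/", s.query)


def is_allowed_redirect(redirect_uri, registered=REGISTERED_REDIRECT_URIS):
    """Exact component match against the registered set (the safe check)."""
    candidate = _parts(redirect_uri)
    if candidate is None:
        return False
    return any(candidate == _parts(r) for r in registered)


def host_substring_check(redirect_uri, allowed_hosts=("app.example.com",)):
    """Weak pattern for contrast: accepts any host containing an allowed name."""
    host = urlsplit(redirect_uri).hostname or ""
    return any(allowed in host for allowed in allowed_hosts)


if __name__ == "__main__":
    for uri in (
        "https://app.example.com/callback",
        "HTTPS://App.Example.com:443/callback",
        "https://app.example.com.attacker.test/callback",
        "https://app.example.com/callback/../other",
    ):
        print(f"{uri!r}: strict={is_allowed_redirect(uri)} "
              f"weak={host_substring_check(uri)}")
```

The strict check deliberately does no path canonicalisation: a URI that differs from the registered string in any component is refused, which is why a dotted path or an unexpected port fails closed. Case normalisation of the scheme and host is the only leniency, since those are case-insensitive by specification.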

Affected Versions

All versions before 22.0.7

Solution

Upgrade to version 23.0.0 or above.

Last Modified

2024-02-05
