Keycloak Redirect URI Validation Bypass Token Theft
CVE-2023-6291 Published on January 26, 2024

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

References: Vendor Advisory, NVD

Vulnerability Analysis

CVE-2023-6291 can be exploited over the network and requires user interaction. The attack complexity is considered low. The potential impact of an exploit is considered low, with a small impact on confidentiality, integrity and availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

Weakness Type

What is an Open Redirect Vulnerability?

A web application accepts user-controlled input that specifies a link to an external site and uses that link in a redirect. This simplifies phishing attacks. An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to point at a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.

CVE-2023-6291 has been classified as an Open Redirect vulnerability or weakness.


Affected Versions

Red Hat build of Keycloak 22
Red Hat build of Keycloak 22.0.7
Red Hat Single Sign-On 7
Red Hat Single Sign-On 7.6 for RHEL 7
Red Hat Single Sign-On 7.6 for RHEL 8
Red Hat Single Sign-On 7.6 for RHEL 9
Red Hat Single Sign-On 7.6.6
Red Hat RHEL-8 based Middleware Containers
Red Hat Migration Toolkit for Applications 6
Red Hat Migration Toolkit for Applications 7
Red Hat OpenShift Serverless
Red Hat Data Grid 8
Red Hat Decision Manager 7
Red Hat Fuse 7
Red Hat JBoss Data Grid 7
Red Hat JBoss Enterprise Application Platform 6
Red Hat Process Automation 7

Exploit Probability

EPSS: 0.20%
Percentile: 41.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.