ID | CVE-2024-8883 | ||||||
Sažetak | A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking. | ||||||
Reference |
|
||||||
CVSS |
|
||||||
Pristup |
|
||||||
Impact |
|
||||||
CVSS vektor | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N | ||||||
Zadnje važnije ažuriranje | 20-09-2024 - 12:30 | ||||||
Objavljeno | 19-09-2024 - 16:15 |