A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
rh-sso-7/sso7-rhel8 Rocky
Fixed in: operator-bundle@sha256:4cbf1a09c7207f9f1ffc918b5e8a4adaa89938befc6d75040b3ddd505ab14f6c_amd64 RHSA-2023:7857 rh-sso-7/sso7-rhel8 Red Hat / RHEL
Fixed in: operator-bundle@sha256:4cbf1a09c7207f9f1ffc918b5e8a4adaa89938befc6d75040b3ddd505ab14f6c_amd64 RHSA-2023:7857 rh-sso-7/sso76 Red Hat / RHEL
Fixed in: openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x RHSA-2024:0801 Fixed in: openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le RHSA-2024:0801 Fixed in: openshift-rhel8@sha256:db235506ce5d840dc139a3cde4114939222df6abb0901efaaff4f9ddbc495b9b_amd64 RHSA-2023:7857 Fixed in: openshift-rhel8@sha256:c65934aa7883ccd9655cd1e7e47899e97470e42cc32bbe5386cc64f88fd26696_ppc64le RHSA-2023:7857 Fixed in: openshift-rhel8@sha256:05c8f187d183582102855c12ac856f361cc6a0bbd792675799bfc319694bc662_s390x RHSA-2023:7857 Fixed in: openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 RHSA-2024:0801 rh-sso-7/sso76 Rocky
Fixed in: openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 RHSA-2024:0801 Fixed in: openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le RHSA-2024:0801 Fixed in: openshift-rhel8@sha256:db235506ce5d840dc139a3cde4114939222df6abb0901efaaff4f9ddbc495b9b_amd64 RHSA-2023:7857 Fixed in: openshift-rhel8@sha256:05c8f187d183582102855c12ac856f361cc6a0bbd792675799bfc319694bc662_s390x RHSA-2023:7857 Fixed in: openshift-rhel8@sha256:c65934aa7883ccd9655cd1e7e47899e97470e42cc32bbe5386cc64f88fd26696_ppc64le RHSA-2023:7857 Fixed in: openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x RHSA-2024:0801 rh-sso7-keycloak Red Hat / RHEL
rh-sso7-keycloak-server Rocky
rh-sso7-keycloak-server Red Hat / RHEL
rhbk/keycloak Rocky
Fixed in: rhel9-operator@sha256:b79c5a6857d87daedeb8bf90fd4df9f73a663c5dc1567a5855eeebc8776d8b04_ppc64le RHSA-2023:7861 Fixed in: rhel9@sha256:cae4e2e48188b03a76a4e13e061e16cae7ee053bf32ec164ed140dce30c94cbf_ppc64le RHSA-2023:7861 Fixed in: rhel9-operator@sha256:c27cc8e7d7afc40125624c250be2cbefc9589645df6890bef6b601bbcfd0a9d7_amd64 RHSA-2023:7861 Fixed in: operator-bundle@sha256:95af3ba537cf925f0359d54c7cd6d1dc360c9f109dcdd79322e9eb981c9b1ec6_amd64 RHSA-2023:7861 Fixed in: rhel9@sha256:ca08c57756107d6701bdc10590466a7ca7a42bf1bc7883e9df3d4b6b04800343_amd64 RHSA-2023:7861 Fixed in: rhel9-operator@sha256:96bdf3a2d1491a1cf26c0f8e46ff0b124d27f8ae67181b6e52faffc5cafd8837_s390x RHSA-2023:7861 Fixed in: rhel9@sha256:ff4d7fbeb78a227d9078acb131a0762f36df194f905f5c8f1434efe073355b92_s390x RHSA-2023:7861 rhbk/keycloak Red Hat / RHEL
Fixed in: rhel9-operator@sha256:b79c5a6857d87daedeb8bf90fd4df9f73a663c5dc1567a5855eeebc8776d8b04_ppc64le RHSA-2023:7861 Fixed in: rhel9@sha256:cae4e2e48188b03a76a4e13e061e16cae7ee053bf32ec164ed140dce30c94cbf_ppc64le RHSA-2023:7861 Fixed in: rhel9-operator@sha256:c27cc8e7d7afc40125624c250be2cbefc9589645df6890bef6b601bbcfd0a9d7_amd64 RHSA-2023:7861 Fixed in: operator-bundle@sha256:95af3ba537cf925f0359d54c7cd6d1dc360c9f109dcdd79322e9eb981c9b1ec6_amd64 RHSA-2023:7861 Fixed in: rhel9@sha256:ca08c57756107d6701bdc10590466a7ca7a42bf1bc7883e9df3d4b6b04800343_amd64 RHSA-2023:7861 Fixed in: rhel9-operator@sha256:96bdf3a2d1491a1cf26c0f8e46ff0b124d27f8ae67181b6e52faffc5cafd8837_s390x RHSA-2023:7861 Fixed in: rhel9@sha256:ff4d7fbeb78a227d9078acb131a0762f36df194f905f5c8f1434efe073355b92_s390x RHSA-2023:7861 Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Impact
Confidentiality Low
Integrity Low
Availability Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
0.95% probability of exploitation in 30 days
57th percentile
Moderate risk: more likely to be exploited than 57% of all known CVEs.
Other CWE-601 (Open Redirect) vulnerabilities, ordered by exploit likelihood. View all
Embed a live status badge for CVE-2023-6291 Markdown
[](https://tridentstack.com/cve/CVE-2023-6291)HTML
<a href="https://tridentstack.com/cve/CVE-2023-6291"><img src="https://tridentstack.com/cve/badge/CVE-2023-6291.svg" alt="CVE-2023-6291"></a>Find and fix vulnerabilities across your fleet TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start free This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.