CVE-2024-1249

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/security/cve/CVE-2024-1249
https://bugzilla.redhat.com/show_bug.cgi?id=2262918

Configurations

No configuration.

History

17 Apr 2024, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1860 - () https://access.redhat.com/errata/RHSA-2024:1861 - () https://access.redhat.com/errata/RHSA-2024:1862 - () https://access.redhat.com/errata/RHSA-2024:1864 - () https://access.redhat.com/errata/RHSA-2024:1866 - () https://access.redhat.com/errata/RHSA-2024:1867 -

17 Apr 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-17 14:15

Updated : 2024-04-17 16:15

NVD link : CVE-2024-1249

Mitre link : CVE-2024-1249

CVE.ORG link : CVE-2024-1249

JSON object : View

Products Affected

No product.

CWE

CWE-346

Origin Validation Error

7.4 /10