{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-7260", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-07-30T02:24:02.197Z", "datePublished": "2024-09-09T18:49:59.437Z", "dateUpdated": "2026-01-23T17:00:35.528Z"}, "containers": {"cna": {"title": "Keycloak-core: open redirect on account page", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "24.0.7", "versionType": "semver"}], "packageName": "keycloak", "collectionURL": "https://github.com/keycloak/keycloak", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "keycloak-core", "cpes": ["cpe:/a:redhat:build_keycloak:24"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "24.0.7-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:24::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "24-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:24::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "24-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:24::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6502", "name": "RHSA-2024:6502", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6503", "name": "RHSA-2024:6503", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7260", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875", "name": "RHBZ#2301875", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-09-09T13:55:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "timeline": [{"lang": "en", "time": "2024-07-31T02:53:42.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-09T13:55:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Todd Cullum (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-23T17:00:35.528Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T19:13:21.486531Z", "id": "CVE-2024-7260", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:13:53.628Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7260", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T19:13:21.486531Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:13:37.589Z"}}], "cna": {"title": "Keycloak-core: open redirect on account page", "credits": [{"lang": "en", "value": "This issue was discovered by Todd Cullum (Red Hat)."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "24.0.7", "versionType": "semver"}], "packageName": "keycloak", "collectionURL": "https://github.com/keycloak/keycloak", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:24"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "packageName": "keycloak-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:24::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "versions": [{"status": "unaffected", "version": "24.0.7-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:24::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "versions": [{"status": "unaffected", "version": "24-16", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:24::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 24", "versions": [{"status": "unaffected", "version": "24-16", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-07-31T02:53:42.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-09T13:55:00.000Z", "value": "Made public."}], "datePublic": "2024-09-09T13:55:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6502", "name": "RHSA-2024:6502", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6503", "name": "RHSA-2024:6503", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7260", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875", "name": "RHBZ#2301875", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-23T17:00:35.528Z"}, "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}}, "cveMetadata": {"cveId": "CVE-2024-7260", "state": "PUBLISHED", "dateUpdated": "2026-01-23T17:00:35.528Z", "dateReserved": "2024-07-30T02:24:02.197Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-09-09T18:49:59.437Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*", "matchCriteriaId": "802E2FCC-19AA-419E-8A1B-50E8F612A687", "versionEndExcluding": "24.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "matchCriteriaId": "78B09F16-131D-4A15-9D00-A085F210E717", "versionEndExcluding": "24.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de redirecci\u00f3n abierta en Keycloak. Se puede construir una URL especialmente manipulada donde los par\u00e1metros referrer y referrer_uri se crean para enga\u00f1ar a un usuario para que visite una p\u00e1gina web maliciosa. Una URL confiable puede enga\u00f1ar a los usuarios y a la automatizaci\u00f3n haci\u00e9ndoles creer que la URL es segura, cuando, de hecho, redirecciona a un servidor malicioso. Este problema puede provocar que una v\u00edctima conf\u00ede inadvertidamente en el destino de la redirecci\u00f3n, lo que puede llevar a un ataque de phishing exitoso u otros tipos de ataques. Una vez que se crea una URL manipulada, se puede enviar a un administrador de Keycloak por correo electr\u00f3nico, por ejemplo. Esto activar\u00e1 esta vulnerabilidad cuando el usuario visite la p\u00e1gina y haga clic en el enlace. Un actor malicioso puede usar esto para apuntar a usuarios que sabe que son administradores de Keycloak para futuros ataques. Tambi\u00e9n puede ser posible eludir otros controles de seguridad relacionados con el dominio, como proporcionar esto como una URL de redireccionamiento de OAuth. El actor malicioso puede ofuscar a\u00fan m\u00e1s la redirect_uri mediante la codificaci\u00f3n de URL, para ocultar el texto del dominio real del sitio web malicioso."}], "id": "CVE-2024-7260", "lastModified": "2024-10-01T14:15:06.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-09-09T19:15:14.033", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://access.redhat.com/errata/RHSA-2024:6502"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://access.redhat.com/errata/RHSA-2024:6503"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-7260"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Todd Cullum (Red Hat).", "affected_release": [{"advisory": "RHSA-2024:6503", "cpe": "cpe:/a:redhat:build_keycloak:24", "package": "keycloak-core", "product_name": "Red Hat Build of Keycloak", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6502", "cpe": "cpe:/a:redhat:build_keycloak:24::el9", "package": "rhbk/keycloak-operator-bundle:24.0.7-4", "product_name": "Red Hat build of Keycloak 24", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6502", "cpe": "cpe:/a:redhat:build_keycloak:24::el9", "package": "rhbk/keycloak-rhel9:24-16", "product_name": "Red Hat build of Keycloak 24", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6502", "cpe": "cpe:/a:redhat:build_keycloak:24::el9", "package": "rhbk/keycloak-rhel9-operator:24-16", "product_name": "Red Hat build of Keycloak 24", "release_date": "2024-09-09T00:00:00Z"}], "bugzilla": {"description": "keycloak-core: Open Redirect on Account page", "id": "2301875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-601", "details": ["An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.", "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."], "name": "CVE-2024-7260", "public_date": "2024-09-09T13:55:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7260\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7260"], "statement": "Red Hat has evaluated this vulnerability and it only affects the Red Hat Build of Keycloak (RHBK).\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform limits access to external systems and enforces strict network security boundaries through a deny-all, allow-exception system implementation. This ensures that access to external websites and systems is strictly controlled, monitored, and, if necessary, restricted. By enforcing policies on which external sites or domains users and applications can interact with, this control minimizes the risk of users being redirected to malicious websites. For example, organizations may implement allowlists of approved URLs or domains, blocking any redirections to untrusted or unauthorized sites. The platform's implementation of boundary protection includes firewalls, gateways, and intrusion detection/prevention systems. This control prevents unauthorized traffic, including malicious redirect requests, from entering or leaving the internal network. The boundary protection control can enforce URL filtering, domain allowlisting, and content inspection to block redirection attempts to known malicious domains. When configured properly, boundary protection mechanisms ensure that even if an open redirect vulnerability is exploited, the impact is limited by blocking access to harmful external sites.", "threat_severity": "Moderate"}

{}