CVE-2024-1132 HIGH

CVE-2024-1132: Keycloak: path traversal in redirection validation

Vendor Red Hat
Product Red Hat AMQ Broker 7
Weakness CWE-22 · Path traversal
Published April 17, 2024
Last update May 16, 2026

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request that bypasses the validation and reaches other URLs and sensitive information within the domain, or to conduct further attacks. This flaw affects any client that uses a wildcard in the Valid Redirect URIs field, and exploitation requires the user to interact with the malicious URL.

Key dates

02 Disclosure timeline

April 17, 2024 CVE published
May 16, 2026 Record updated