Nixpkgs Security Tracker

Accepted

Permalink CVE-2023-6291

updated 1 year, 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 year, 1 month ago
@LeSuisse accepted 1 year, 1 month ago

Keycloak: redirect_uri validation bypass

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

Affected products

keycloak

rh-sso7-keycloak

rhbk/keycloak-rhel9

org.keycloak/keycloak-core

rhbk/keycloak-rhel9-operator

rhbk/keycloak-operator-bundle

rh-sso-7/sso76-openshift-rhel8

Red Hat build of Keycloak 22.0.7

rh-sso-7/sso7-rhel8-operator-bundle

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.0.6
- nixpkgs-unstable 26.0.6
- nixos-unstable-small 26.0.7

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@talyz Kim Lindberger <kim.lindberger@gmail.com>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.keycloak

Package maintainers