Bug 1489161 (CVE-2017-12158) - CVE-2017-12158 keycloak: reflected XSS using HOST header
Summary: CVE-2017-12158 keycloak: reflected XSS using HOST header
Keywords:
Status: NEW
Alias: CVE-2017-12158
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1484091
TreeView+ depends on / blocked
 
Reported: 2017-09-06 20:31 UTC by Chess Hazlett
Modified: 2019-09-29 14:20 UTC (History)
16 users (show)

Fixed In Version: Keycloak 3.3.0.Final, Keycloak 3.4.0.Final
Doc Type: If docs needed, set a value
Doc Text:
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2904 normal SHIPPED_LIVE Moderate: rh-sso7-keycloak security update 2017-10-17 23:53:00 UTC
Red Hat Product Errata RHSA-2017:2905 normal SHIPPED_LIVE Moderate: rh-sso7-keycloak security update 2017-10-17 23:53:19 UTC
Red Hat Product Errata RHSA-2017:2906 normal SHIPPED_LIVE Moderate: Red Hat Single Sign-On security update 2017-10-17 23:42:35 UTC

Description Chess Hazlett 2017-09-06 20:31:18 UTC
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.

Upstream issue:

https://issues.jboss.org/browse/KEYCLOAK-5225

Comment 1 Chess Hazlett 2017-10-17 16:12:25 UTC
Acknowledgments:

Name: Mykhailo Stadnyk (Playtech)

Comment 2 errata-xmlrpc 2017-10-17 19:43:04 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On

Via RHSA-2017:2906 https://access.redhat.com/errata/RHSA-2017:2906

Comment 3 errata-xmlrpc 2017-10-17 19:54:04 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.1 for RHEL 6

Via RHSA-2017:2904 https://access.redhat.com/errata/RHSA-2017:2904

Comment 4 errata-xmlrpc 2017-10-17 19:54:35 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.1 for RHEL 7

Via RHSA-2017:2905 https://access.redhat.com/errata/RHSA-2017:2905


Note You need to log in before you can comment on or make changes to this bug.