Keycloak prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This could permit an attacker to submit a specially crafted request leading to XSS or possibly further attacks.
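As an added illustration (not Keycloak's code), the two validators below model the weak pattern the description points at, in which the scheme is inspected only for exact allowlist entries so a wildcard entry bypasses the check, beside a hardened version that decides on the scheme before any wildcard handling. The set of blocked schemes and the registered redirect URIs are assumptions constructed for the example.

```python
from typing import List
from urllib.parse import urlsplit

# Constructed example: schemes assumed to be on the deny list.
BLOCKED_SCHEMES = {"javascript", "data", "vbscript"}


def scheme_of(uri: str) -> str:
    # urlsplit() lower-cases the scheme, so "JavaScript:" and "javascript:" agree.
    return urlsplit(uri).scheme


def weak_is_allowed(redirect_uri: str, registered: List[str]) -> bool:
    """Flawed validator: the scheme is only inspected on exact-match entries.
    A wildcard entry collapses to a prefix match, so its scheme is never checked."""
    for entry in registered:
        if entry.endswith("*"):
            if redirect_uri.startswith(entry[:-1]):
                return True
        elif redirect_uri == entry and scheme_of(entry) not in BLOCKED_SCHEMES:
            return True
    return False


def hardened_is_allowed(redirect_uri: str, registered: List[str]) -> bool:
    """Validator that rules on the scheme before any wildcard handling."""
    scheme = scheme_of(redirect_uri)
    # Refuse the request outright if it carries no scheme or a blocked one.
    if not scheme or scheme in BLOCKED_SCHEMES:
        return False
    for entry in registered:
        # Apply the same rule to the registered entry itself: an entry with a
        # blocked scheme is never usable, wildcard or not.
        if scheme_of(entry) in BLOCKED_SCHEMES:
            continue
        if entry.endswith("*"):
            prefix = entry[:-1]
            # The wildcard only extends the registered prefix; scheme and host
            # are fixed by that prefix and cannot be swapped out.
            if redirect_uri.startswith(prefix) and scheme == scheme_of(entry):
                return True
        elif redirect_uri == entry:
            return True
    return False
```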
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:7855 https://access.redhat.com/errata/RHSA-2023:7855
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:7856 https://access.redhat.com/errata/RHSA-2023:7856
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:7854 https://access.redhat.com/errata/RHSA-2023:7854
This issue has been addressed in the following products: Single Sign-On 7.6.6 Via RHSA-2023:7858 https://access.redhat.com/errata/RHSA-2023:7858
This issue has been addressed in the following products: Red Hat build of Keycloak 22.0.7 Via RHSA-2023:7860 https://access.redhat.com/errata/RHSA-2023:7860
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:7857 https://access.redhat.com/errata/RHSA-2023:7857
This issue has been addressed in the following products: Red Hat build of Keycloak 22 Via RHSA-2023:7861 https://access.redhat.com/errata/RHSA-2023:7861
Hello RH Team, CVE-2023-6291 seems to be assigned as well to this issue: CVE-2023-6291 keycloak: redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (#57) https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20 Same issue, and only 1 commit in 22.0.7. Can you please update one of them? Thanks, Wilfried CERT Orange Cyberdefense
Hmm, after analysis, redirect_uri is linked to two issues, and you perfectly separated both issues. My bad for the comment.
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2024:0799 https://access.redhat.com/errata/RHSA-2024:0799
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2024:0800 https://access.redhat.com/errata/RHSA-2024:0800
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2024:0798 https://access.redhat.com/errata/RHSA-2024:0798
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2024:0801 https://access.redhat.com/errata/RHSA-2024:0801
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2024:0804 https://access.redhat.com/errata/RHSA-2024:0804