2282572 – (CVE-2024-5203) CVE-2024-5203 Keycloak: Login CSRF

Bug 2282572 (CVE-2024-5203) - CVE-2024-5203 Keycloak: Login CSRF

Summary: CVE-2024-5203 Keycloak: Login CSRF

Keywords:
Status:	NEW
Alias:	CVE-2024-5203
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2282571
TreeView+	depends on / blocked

Reported:	2024-05-22 15:08 UTC by Zack Miele
Modified:	2024-09-13 10:28 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Zack Miele 2024-05-22 15:08:32 UTC

A CSRF flaw was found in Keycloak. This issue occurs due to the lack of a unique token sent during the authentication POST request, /login-actions/authenticate. An attacker could craft a malicious login page and trick a legitimate user of an application into authenticating with an attacker controlled account instead of their own.

Note You need to log in before you can comment on or make changes to this bug.