Vulnerability details: VCID-az5g-yu3m-g3c1
Vulnerability ID VCID-az5g-yu3m-g3c1
Aliases CVE-2024-8883
GHSA-w8gr-xwp4-r9f7
Summary: Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect. A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:10385
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:10385
ssvc Track https://access.redhat.com/errata/RHSA-2024:10385
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:10386
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:10386
ssvc Track https://access.redhat.com/errata/RHSA-2024:10386
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6878
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6878
ssvc Track https://access.redhat.com/errata/RHSA-2024:6878
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6879
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6879
ssvc Track https://access.redhat.com/errata/RHSA-2024:6879
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6880
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6880
ssvc Track https://access.redhat.com/errata/RHSA-2024:6880
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6882
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6882
ssvc Track https://access.redhat.com/errata/RHSA-2024:6882
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6886
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6886
ssvc Track https://access.redhat.com/errata/RHSA-2024:6886
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6887
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6887
ssvc Track https://access.redhat.com/errata/RHSA-2024:6887
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6888
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6888
ssvc Track https://access.redhat.com/errata/RHSA-2024:6888
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6889
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6889
ssvc Track https://access.redhat.com/errata/RHSA-2024:6889
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:6890
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:6890
ssvc Track https://access.redhat.com/errata/RHSA-2024:6890
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:8823
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:8823
ssvc Track https://access.redhat.com/errata/RHSA-2024:8823
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:8824
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:8824
ssvc Track https://access.redhat.com/errata/RHSA-2024:8824
cvssv3.1 6.1 https://access.redhat.com/errata/RHSA-2024:8826
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:8826
ssvc Track https://access.redhat.com/errata/RHSA-2024:8826
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json
cvssv3.1 6.1 https://access.redhat.com/security/cve/CVE-2024-8883
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2024-8883
ssvc Track https://access.redhat.com/security/cve/CVE-2024-8883
epss 0.0489 https://api.first.org/data/v1/epss?cve=CVE-2024-8883
epss 0.05978 https://api.first.org/data/v1/epss?cve=CVE-2024-8883
cvssv3.1 6.1 https://bugzilla.redhat.com/show_bug.cgi?id=2312511
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2312511
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2312511
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-w8gr-xwp4-r9f7
cvssv3.1 6.1 https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3.1 6.1 https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
generic_textual MODERATE https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
ssvc Track https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
cvssv3.1 6.1 https://github.com/keycloak/keycloak/releases/tag/25.0.6
generic_textual MODERATE https://github.com/keycloak/keycloak/releases/tag/25.0.6
cvssv3.1 6.1 https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7
cvssv3.1_qr MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7
generic_textual MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2024-8883
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-8883
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:10385
https://access.redhat.com/errata/RHSA-2024:10386
https://access.redhat.com/errata/RHSA-2024:6878
https://access.redhat.com/errata/RHSA-2024:6879
https://access.redhat.com/errata/RHSA-2024:6880
https://access.redhat.com/errata/RHSA-2024:6882
https://access.redhat.com/errata/RHSA-2024:6886
https://access.redhat.com/errata/RHSA-2024:6887
https://access.redhat.com/errata/RHSA-2024:6888
https://access.redhat.com/errata/RHSA-2024:6889
https://access.redhat.com/errata/RHSA-2024:6890
https://access.redhat.com/errata/RHSA-2024:8823
https://access.redhat.com/errata/RHSA-2024:8824
https://access.redhat.com/errata/RHSA-2024:8826
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json
https://access.redhat.com/security/cve/CVE-2024-8883
https://api.first.org/data/v1/epss?cve=CVE-2024-8883
https://bugzilla.redhat.com/show_bug.cgi?id=2312511
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
https://github.com/keycloak/keycloak/releases/tag/25.0.6
https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7
https://nvd.nist.gov/vuln/detail/CVE-2024-8883
cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:/a:redhat:build_keycloak:22 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:build_keycloak:22::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
cpe:/a:redhat:build_keycloak:24 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
cpe:/a:redhat:build_keycloak:24::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
cpe:/a:redhat:jboss_enterprise_application_platform:8.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
cpe:/a:redhat:red_hat_single_sign_on:7.6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhosemc:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
GHSA-w8gr-xwp4-r9f7 https://github.com/advisories/GHSA-w8gr-xwp4-r9f7
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:10385
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:10385
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:10386
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:10386
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6878
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6878
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6879
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6879
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6880
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6880
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6882
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6882
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6886
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6886
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6887
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6887
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6888
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6888
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6889
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6889
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:6890
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:6890
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:8823
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:8823
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:8824
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:8824
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:8826
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/errata/RHSA-2024:8826
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2024-8883
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://access.redhat.com/security/cve/CVE-2024-8883
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2312511
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2312511
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/ Found at https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/releases/tag/25.0.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8883
Exploit Prediction Scoring System (EPSS)
Percentile 0.89172
EPSS Score 0.0489
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:29:43.166454+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-w8gr-xwp4-r9f7/GHSA-w8gr-xwp4-r9f7.json 37.0.0