Vulnerability details: VCID-wngh-3b7z-aue7
Vulnerability ID VCID-wngh-3b7z-aue7
Aliases GHSA-vvf8-2h68-9475
Summary Duplicate Advisory: Keycloak Open Redirect vulnerability

Duplicate Advisory: this advisory has been withdrawn because it is a duplicate of GHSA-w8gr-xwp4-r9f7 (tracked as CVE-2024-8883 in the references below). This link is maintained to preserve external references.

Original Description: A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking. The Keycloak 25.0.6 release referenced below carries the upstream fix.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
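The condition the advisory describes (a client whose Valid Redirect URIs contain http://localhost or http://127.0.0.1) is something an operator can audit across a realm before and after upgrading. The script below is an added example, not Keycloak code and not part of this page: it walks the `clients` array of a realm export (the JSON written by `kc.sh export`, or returned by the admin API at GET /admin/realms/{realm}/clients) and flags the exact values the advisory names. As a labelled generalization beyond the advisory text it also reports any other plaintext http redirect URI on a loopback host for review. The realm JSON embedded in the script is constructed sample data.

```python
"""Audit a Keycloak realm export for the loopback redirect-URI misconfiguration
described in this advisory (duplicate of GHSA-w8gr-xwp4-r9f7 / CVE-2024-8883).

Added example, not Keycloak code. The realm JSON below is a constructed sample;
real input is the output of `kc.sh export` or the client list from the admin API.
"""
import json
from urllib.parse import urlparse

# The two values the advisory names as dangerous in Valid Redirect URIs.
ADVISORY_VALUES = {"http://localhost", "http://127.0.0.1"}
# Generalization (assumption, not taken from the advisory): any other plaintext
# http redirect target on a loopback host is flagged for review as well.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample realm export; only the fields the audit reads are present.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "demo",
    "clients": [
        {"clientId": "web-app", "enabled": True,
         "redirectUris": ["https://app.example.com/callback", "http://localhost"]},
        {"clientId": "cli-tool", "enabled": True,
         "redirectUris": ["http://127.0.0.1", "http://localhost:8080/cb"]},
        {"clientId": "service", "enabled": True,
         "redirectUris": ["https://svc.example.com/*"]},
        {"clientId": "legacy", "enabled": False,
         "redirectUris": ["http://127.0.0.1"]},
    ],
})


def classify_redirect_uri(uri):
    """Return 'advisory' for the exact values named in the advisory,
    'loopback' for any other http:// URI on a loopback host, else None."""
    if uri in ADVISORY_VALUES:
        return "advisory"
    parsed = urlparse(uri)
    if parsed.scheme == "http" and parsed.hostname in LOOPBACK_HOSTS:
        return "loopback"
    return None


def audit_realm(realm_json, include_disabled=False):
    """Return (clientId, redirectUri, finding) for every risky entry.

    Disabled clients are skipped by default because Keycloak will not issue
    them authorization codes; pass include_disabled=True to list them anyway.
    """
    realm = json.loads(realm_json)
    findings = []
    for client in realm.get("clients", []):
        if not include_disabled and not client.get("enabled", True):
            continue
        for uri in client.get("redirectUris", []):
            finding = classify_redirect_uri(uri)
            if finding:
                findings.append((client["clientId"], uri, finding))
    return findings


if __name__ == "__main__":
    for client_id, uri, finding in audit_realm(SAMPLE_REALM_EXPORT):
        print(f"{finding:9} {client_id:10} {uri}")
```

To run it against a real realm, replace SAMPLE_REALM_EXPORT with the contents of the export file. Entries tagged "advisory" are exactly the configuration the advisory warns about and should be removed from the client; entries tagged "loopback" are the example's own broader heuristic and need a human decision, since a developer client legitimately bound to a specific loopback port is a different risk from a bare http://localhost entry.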
Affected and Fixed Packages
Package Details
Weaknesses (3)
System Score Found at
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:10385
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:10385
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:10386
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:10386
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6878
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6878
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6879
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6879
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6880
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6880
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6882
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6882
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6886
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6886
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6887
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6887
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6888
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6888
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6889
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6889
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:6890
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:6890
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:8823
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:8823
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:8824
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:8824
cvssv3.1 6.8 https://access.redhat.com/errata/RHSA-2024:8826
generic_textual HIGH https://access.redhat.com/errata/RHSA-2024:8826
cvssv3.1 6.8 https://access.redhat.com/security/cve/CVE-2024-8883
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2024-8883
cvssv3.1 6.8 https://bugzilla.redhat.com/show_bug.cgi?id=2312511
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2312511
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-vvf8-2h68-9475
cvssv3.1 6.8 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 6.8 https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
generic_textual HIGH https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
cvssv3.1 6.8 https://github.com/keycloak/keycloak/releases/tag/25.0.6
generic_textual HIGH https://github.com/keycloak/keycloak/releases/tag/25.0.6
cvssv3.1 6.8 https://nvd.nist.gov/vuln/detail/CVE-2024-8883
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-8883
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N (base score 6.8)
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): required
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): none

The same vector is reported by every scored reference on this page:
https://access.redhat.com/errata/RHSA-2024:10385
https://access.redhat.com/errata/RHSA-2024:10386
https://access.redhat.com/errata/RHSA-2024:6878
https://access.redhat.com/errata/RHSA-2024:6879
https://access.redhat.com/errata/RHSA-2024:6880
https://access.redhat.com/errata/RHSA-2024:6882
https://access.redhat.com/errata/RHSA-2024:6886
https://access.redhat.com/errata/RHSA-2024:6887
https://access.redhat.com/errata/RHSA-2024:6888
https://access.redhat.com/errata/RHSA-2024:6889
https://access.redhat.com/errata/RHSA-2024:6890
https://access.redhat.com/errata/RHSA-2024:8823
https://access.redhat.com/errata/RHSA-2024:8824
https://access.redhat.com/errata/RHSA-2024:8826
https://access.redhat.com/security/cve/CVE-2024-8883
https://bugzilla.redhat.com/show_bug.cgi?id=2312511
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
https://github.com/keycloak/keycloak/releases/tag/25.0.6
https://nvd.nist.gov/vuln/detail/CVE-2024-8883
No EPSS data available for this vulnerability.

Date: 2025-07-31T08:30:48.095552+00:00
Actor: GithubOSV Importer
Action: Import
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-vvf8-2h68-9475/GHSA-vvf8-2h68-9475.json
VulnerableCode Version: 37.0.0