CVE-2024-8883

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-8883
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8883.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-8883
Aliases
Downstream
Related
Published
2024-09-19T16:15:06.403Z
Modified
2026-02-05T09:53:11.676477Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

References

Affected packages

Git / github.com/rapier1/hpn-ssh

Affected ranges

Type
GIT
Repo
https://github.com/rapier1/hpn-ssh
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
24cb1121a2b0c374bd9af6e85249d57874523422
Last affected
843310342076eb2a6c7d958dd61c8f72aa97d150

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8883.json"