4.6

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-3p75-q5cc-qmj7

EPSS Score

CWE

CWE-601

Published

12/19/2023

Updated

12/23/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-3p75-q5cc-qmj7

GHSA-3p75-q5cc-qmj7: Duplicate Advisory: Keycloak Open Redirect vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9vm7-v8wj-3fqw. This link is maintained to preserve external references.

Original Description

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

(GitHub Advisory)

4.6

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-3p75-q5cc-qmj7

EPSS Score

CWE

CWE-601

Published

12/19/2023

Updated

12/23/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.keycloak:keycloak-parent	maven	<= 23.0.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper redirect URI validation in JARM 'form_post.jwt' responses. AuthorizationEndpoint is the primary handler for OIDC authorization flows, and JARMUtil handles JARM-specific logic. The first function likely fails to enforce strict redirect URI matching when processing wildcards in JARM mode, while the second might improperly embed unvalidated URIs in JWTs. Confidence is high for AuthorizationEndpoint due to its central role in response handling, and medium for JARMUtil as secondary processing logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

# *upli**t* **visory T*is **visory **s ***n wit**r*wn ****us* it is * *upli**t* o* **S*-*vm*-v*wj-**qw. T*is link is m*int*in** to pr*s*rv* *xt*rn*l r***r*n**s. # Ori*in*l **s*ription * *l*w w*s *oun* in K*y*lo*k. T*is issu* m*y *llow *n *tt**k*r to

Reasoning

T** vuln*r**ility st*ms *rom improp*r r**ir**t URI v*li**tion in J*RM '*orm_post.jwt' r*spons*s. `*ut*oriz*tion*n*point` is t** prim*ry **n*l*r *or OI** *ut*oriz*tion *lows, *n* `J*RMUtil` **n*l*s J*RM-sp**i*i* lo*i*. T** *irst `*un*tion` lik*ly **il

4.6

Basic Information

Concerned about an active attack path?

GHSA-3p75-q5cc-qmj7: Duplicate Advisory: Keycloak Open Redirect vulnerability

Duplicate Advisory

Original Description

4.6

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI