Security Advisory

CVE-2024-1249

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-17 13:22:48

Last updated 2026-04-30 13:00:08

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloaks OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the applications availability without proper origin validation for incoming messages.

← Browse all CVEs View on cve.org ↗