Security Advisory

CVE-2024-8883

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-19 15:48:28

Last updated 2026-04-01 13:27:25

Assigner redhat

State PUBLISHED

Description

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a Valid Redirect URI is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

← Browse all CVEs View on cve.org ↗