CVE-2024-1249

Publication date

2024-04-17 13:22:48

Family

redhat

State

PUBLISHED

Description

A flaw was found in Keycloaks OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the applications availability without proper origin validation for incoming messages.