CVE-2023-6291
Keycloak: redirect_uri validation bypass
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
| CWE | CWE-601 |
| Vendor | red hat |
| Product | red hat build of keycloak 22 |
| Published | Jan 26, 2024 |
| Last Updated | Nov 11, 2025 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat build of keycloak 22
Be the first to know when new high vulnerabilities affecting red hat red hat build of keycloak 22 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
Affected Versions
Red Hat / Red Hat build of Keycloak 22
All versions affected Red Hat / Red Hat build of Keycloak 22
All versions affected Red Hat / Red Hat build of Keycloak 22
All versions affected Red Hat / Red Hat build of Keycloak 22.0.7
All versions affected Red Hat / Red Hat Single Sign-On 7
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 7
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 7
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 8
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 8
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 9
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 9
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / Single Sign-On 7.6.6
All versions affected Red Hat / Migration Toolkit for Applications 6
All versions affected Red Hat / Migration Toolkit for Applications 7
All versions affected Red Hat / OpenShift Serverless
All versions affected Red Hat / Red Hat Data Grid 8
All versions affected Red Hat / Red Hat Decision Manager 7
All versions affected Red Hat / Red Hat Fuse 7
All versions affected Red Hat / Red Hat JBoss Data Grid 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 6
All versions affected Red Hat / Red Hat Process Automation 7
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7854 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7855 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7856 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7857 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7858 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7860 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7861 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0798 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0799 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0800 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0801 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0804 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-6291 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2251407