CVE-2023-6717
Keycloak: xss via assertion consumer service url in saml post-binding flow
CVSS Score
6.0
EPSS Score
0.1%
EPSS Percentile
23th
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
| CWE | CWE-79 |
| Published | Apr 25, 2024 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new medium vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low
Affected Versions
Red Hat / Red Hat AMQ Broker 7
All versions affected Red Hat / Red Hat build of Keycloak 22
All versions affected Red Hat / Red Hat build of Keycloak 22
All versions affected Red Hat / Red Hat build of Keycloak 22
All versions affected Red Hat / Red Hat build of Keycloak 22.0.10
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHOSS-1.33-RHEL-8
All versions affected Red Hat / RHPAM 7.13.5 async
All versions affected Red Hat / Migration Toolkit for Applications 6
All versions affected Red Hat / Migration Toolkit for Applications 7
All versions affected Red Hat / Red Hat build of Apicurio Registry 2
All versions affected Red Hat / Red Hat build of Quarkus
All versions affected Red Hat / Red Hat build of Quarkus
All versions affected Red Hat / Red Hat Data Grid 8
All versions affected Red Hat / Red Hat Decision Manager 7
All versions affected Red Hat / Red Hat Developer Hub
All versions affected Red Hat / Red Hat Fuse 7
All versions affected Red Hat / Red Hat JBoss Data Grid 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 6
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 6
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 6
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected Red Hat / Red Hat OpenShift GitOps
All versions affected Red Hat / Red Hat Process Automation 7
All versions affected Red Hat / Red Hat Single Sign-On 7
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1353 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1867 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1868 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2945 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4057 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-6717 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2253952