CVE Alert

CVE-2024-1249

HIGH 7.4

Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS

CVSS Score
7.4
EPSS Score
0.2%
EPSS Percentile
39th

A flaw was found in the checkLoginIframe of Keycloak's OIDC component, which accepts cross-origin messages without validating their origin. Because incoming messages are not origin-checked, attackers can use simple code to coordinate and send millions of requests in seconds, significantly impacting the application's availability.

CWE CWE-346
Published Apr 17, 2024
Last Updated Apr 1, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Red Hat / Red Hat AMQ Broker 7
All versions affected
Red Hat / Red Hat build of Keycloak 22
All versions affected
Red Hat / Red Hat build of Keycloak 22.0.10
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 7
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 8
All versions affected
Red Hat / Red Hat Single Sign-On 7.6 for RHEL 9
All versions affected
Red Hat / RHEL-8 based Middleware Containers
All versions affected
Red Hat / RHOSS-1.33-RHEL-8
All versions affected
Red Hat / RHSSO 7.6.8
All versions affected
Red Hat / Migration Toolkit for Applications 6
All versions affected
Red Hat / Migration Toolkit for Applications 7
All versions affected
Red Hat / Red Hat build of Apicurio Registry 2
All versions affected
Red Hat / Red Hat Data Grid 8
All versions affected
Red Hat / Red Hat Decision Manager 7
All versions affected
Red Hat / Red Hat Developer Hub
All versions affected
Red Hat / Red Hat Fuse 7
All versions affected
Red Hat / Red Hat JBoss Data Grid 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 6
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected
Red Hat / Red Hat Process Automation 7
All versions affected
Red Hat / streams for Apache Kafka
All versions affected

References

NVD · CVE.org · EPSS Data

https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:2945
https://access.redhat.com/errata/RHSA-2024:4057
https://access.redhat.com/security/cve/CVE-2024-1249
https://bugzilla.redhat.com/show_bug.cgi?id=2262918

Credits

Red Hat would like to thank Adriano Márcio Monteiro for reporting this issue.