CVE-2023-6291

ADVISORY - github

Summary

An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.

The problem arises in the verifyRedirectUri method, which attempts to enforce rules on user-controllable input, but essentially causes a desynchronization in how Keycloak and browsers interpret URLs. Keycloak, for example, receives "www%2ekeycloak%2eorg%2fapp%2f:y@example.com" and thinks the authority to be keycloak.org when it is actually example.com. This happens because the validation logic is performed on a URL decoded version, which no longer represents the original input.

Acknowledgements

Karel Knibbe

EPSS Score⁠: 0.00196 (0.419)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Docker

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2023-6291

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

NIST

CREATED

2 years ago

UPDATED

11 months ago

ADVISORY IDCVE-2023-6291⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-601⁠

CVSS SCORE

7.1high

GitHub

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDGHSA-mpwq-j3xf-7m5w⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

7.1high

GitLab

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2023-6291

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-601⁠CWE-937⁠

CVSS SCORE

7.1high

Red Hat

CREATED

2 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2023-6291⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-601⁠

CVSS SCORE

7.1high

CVE-2023-6291

Summary

Acknowledgements

Common Weakness Enumeration (CWE)

CWE-601⁠

CWE-20⁠

CWE-1035⁠

CWE-601⁠

CWE-937⁠

CWE-601⁠

Advisories

Docker

NIST

CVSS SCORE

GitHub

CVSS SCORE

GitLab

CVSS SCORE

Red Hat

CVSS SCORE