CVE-2023-6291

ADVISORY - github

Summary

An issue was found in the redirect_uri validation logic that allows the set of explicitly allowed hosts to be bypassed.

The problem arises in the verifyRedirectUri method, which attempts to enforce rules on user-controllable input but in practice causes a desynchronization between how Keycloak and browsers interpret URLs. Keycloak, for example, receives "www%2ekeycloak%2eorg%2fapp%2f:y@example.com" and treats the authority as keycloak.org, when a browser will resolve it to example.com. This happens because the validation logic is performed on a URL-decoded version of the value, which no longer represents the original input.
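To make the decode-then-validate defect concrete, the following is an added Python illustration, not Keycloak's own code: the allowed host, the path prefix and the sample URIs are constructed, with the malicious one following the shape quoted above. It contrasts the weak check (decode first, then parse) with a hardened check that parses the raw input the way a browser does and refuses userinfo.

```python
from urllib.parse import unquote, urlsplit

# Constructed values for illustration only.
ALLOWED_HOST = "www.keycloak.org"
ALLOWED_PATH_PREFIX = "/app/"

# The redirect_uri exactly as it arrives on the wire, still percent-encoded.
# A browser treats everything before '@' as userinfo and navigates to example.com.
MALICIOUS = "https://www%2ekeycloak%2eorg%2fapp%2f:y@example.com"
LEGIT = "https://www.keycloak.org/app/callback"


def browser_host(uri: str) -> str:
    """Authority a browser navigates to: parsed from the raw, undecoded input."""
    return urlsplit(uri).hostname or ""


def weak_check(uri: str) -> bool:
    """Vulnerable pattern: decode first, then validate the decoded string.
    '%2f' becomes '/', so the '@' moves from the authority into the path and
    the host now appears to be the allowed one."""
    parts = urlsplit(unquote(uri))
    return parts.hostname == ALLOWED_HOST and parts.path.startswith(ALLOWED_PATH_PREFIX)


def hardened_check(uri: str) -> bool:
    """Validate the same bytes the browser will parse: split the raw URI first,
    refuse any userinfo, compare scheme and host, and only then decode the path."""
    parts = urlsplit(uri)
    if parts.username is not None or parts.password is not None:
        return False
    if parts.scheme != "https" or parts.hostname != ALLOWED_HOST:
        return False
    return unquote(parts.path).startswith(ALLOWED_PATH_PREFIX)


def desynchronized(uri: str) -> bool:
    """True when the weak check accepted a host that differs from where the browser goes."""
    return weak_check(uri) and browser_host(uri) != ALLOWED_HOST


if __name__ == "__main__":
    for uri in (MALICIOUS, LEGIT):
        print(uri)
        print("  weak:", weak_check(uri), " hardened:", hardened_check(uri),
              " browser host:", browser_host(uri))
```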

Acknowledgements

Karel Knibbe

EPSS Score: 0.00196 (0.419)

Common Weakness Enumeration (CWE)

ADVISORY - nist

URL Redirection to Untrusted Site ('Open Redirect')

ADVISORY - github

Improper Input Validation

ADVISORY - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

URL Redirection to Untrusted Site ('Open Redirect')
