CVE-2024-1249

Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos

Description

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

Remediation

Workaround:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2024:1860	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1861	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1862	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1864	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1866	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1867	vendor advisory
https://access.redhat.com/errata/RHSA-2024:1868	vendor advisory
https://access.redhat.com/errata/RHSA-2024:2945	vendor advisory
https://access.redhat.com/errata/RHSA-2024:4057	vendor advisory
https://access.redhat.com/security/cve/CVE-2024-1249	vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2262918	issue tracking

Frequently Asked Questions

What is the severity of CVE-2024-1249?: CVE-2024-1249 has been scored as a high severity vulnerability.
How to fix CVE-2024-1249?: As a workaround for remediating CVE-2024-1249: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Is CVE-2024-1249 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-1249 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-1249?: CVE-2024-1249 affects Red Hat Red Hat AMQ Broker 7, Red Hat Red Hat build of Keycloak 22, Red Hat Red Hat build of Keycloak 22, Red Hat Red Hat build of Keycloak 22, Red Hat Red Hat build of Keycloak 22.0.10, Red Hat Red Hat Single Sign-On 7.6 for RHEL 7, Red Hat Red Hat Single Sign-On 7.6 for RHEL 8, Red Hat Red Hat Single Sign-On 7.6 for RHEL 9, Red Hat RHEL-8 based Middleware Containers, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHOSS-1.33-RHEL-8, Red Hat RHSSO 7.6.8, Red Hat Migration Toolkit for Applications 6, Red Hat Migration Toolkit for Applications 7, Red Hat Red Hat build of Apicurio Registry 2, Red Hat Red Hat Data Grid 8, Red Hat Red Hat Decision Manager 7, Red Hat Red Hat Developer Hub, Red Hat Red Hat Fuse 7, Red Hat Red Hat JBoss Data Grid 7, Red Hat Red Hat JBoss Enterprise Application Platform 6, Red Hat Red Hat JBoss Enterprise Application Platform 6, Red Hat Red Hat JBoss Enterprise Application Platform 6, Red Hat Red Hat JBoss Enterprise Application Platform 6, Red Hat Red Hat JBoss Enterprise Application Platform 6, Red Hat Red Hat JBoss Enterprise Application Platform 6, Red Hat Red Hat JBoss Enterprise Application Platform 6, Red Hat Red Hat JBoss Enterprise Application Platform 6, Red Hat Red Hat JBoss Enterprise Application Platform 7, Red Hat Red Hat JBoss Enterprise Application Platform 8, Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Red Hat Process Automation 7, Red Hat streams for Apache Kafka.

Description

Remediation

Category

CWE-346 – Origin Validation Error

References

Frequently Asked Questions