org.keycloak:keycloak-services@24.0.5 vulnerabilities

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to External Control of File Name or Path. An attacker could read sensitive information from a Vault file that is not within the expected context by exploiting this vulnerability.

Note:

This is only exploitable if the attacker has previous high access to the Keycloak server in order to perform resource creation.

Upgrade org.keycloak:keycloak-services to version 26.0.6 or higher.

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SearchQueryUtils method due to improper input sanitization. An attacker could exhaust system resources and achieve denial of service by exploiting this vulnerability.

Upgrade org.keycloak:keycloak-services to version 26.0.6 or higher.

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of proxy headers resulting in costly DNS resolution operations. An attacker could tie up IO threads and potentially cause a denial of service by exploiting these operations.

Notes:

1. This is only exploitable if the attacker has access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.

2. For versions 26.x, this is only exploitable if the realm must have SslRequired=EXTERNAL (the default), HTTP must be enabled, the instance must not be using a full hostname URL, access must come from behind a proxy (assuming the proxy overwrites the X-Forwarded-For header), and trusted proxies must not be set or must incorrectly trust the client from which the request is originating.

Upgrade org.keycloak:keycloak-services to version 26.0.6 or higher.

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to Open Redirect due to a misconfiguration flaw in the validation of redirect URIs. An attacker can redirect users to an arbitrary URL and potentially expose sensitive information such as authorization codes, leading to session hijacking. Exploiting this vulnerability is possible if a Valid Redirect URI is set to http://localhost/ or http://127.0.0.1/.

Upgrade org.keycloak:keycloak-services to version 22.0.13, 24.0.8, 25.0.6 or higher.

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to a misconfiguration flaw in the validation of redirect URIs. An attacker can redirect users to an arbitrary URL and potentially expose sensitive information such as authorization codes, leading to session hijacking.

Note: This is only exploitable if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1.

Upgrade org.keycloak:keycloak-services to version 22.0.13, 24.0.8, 25.0.6 or higher.

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to Open Redirect via the referrer and referrer_uri parameters. This allows an attacker who can convince an admin user to follow a malicious link - which may be further obfuscated by means such as URL encoding - to be redirected to a malicious location.

Upgrade org.keycloak:keycloak-services to version 25.0.0 or higher.