Keycloak: Exploiting Open Redirects for Phishing and Malicious Attacks - Proactive Insights and Support For Open-Source Applications

In Keycloak versions before 24.0.7 a medium severity vulnerability CVE-2024-7260 was detected. This vulnerability allows attackers to craft a URL that tricks users or automation into visiting a malicious webpage by exploiting the referrer and referrer_uri parameters. To fix this issue, administrators should carefully validate and sanitize URL parameters and upgrate to 24.0.7 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7260.