Keycloak: Misconfiguration Leading to URL Redirection Vulnerability
by the Hossted team
24.09.2024

Keycloak versions before 24.0.8 are affected by CVE-2024-8883, a medium-severity vulnerability in which a misconfigured redirect URI lets an attacker send users who authenticate through Keycloak to a site the attacker controls. A convincing fake login page at that destination can capture credentials and lead to account takeover. To fix the issue, upgrade Keycloak to 24.0.8 or a later release such as 25.0.5; confirm the fixed versions for your release line in the NVD entry before choosing the upgrade target. Until the upgrade is in place, review the Valid Redirect URIs of every client in the realm and remove wildcard or overly broad entries. For more details, see https://nvd.nist.gov/vuln/detail/CVE-2024-8883.
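The bug class described above is an open redirect through a client's Valid Redirect URIs, so the upgrade should be paired with a review of what each client is allowed to redirect to. The script below is an added example, not code from the Hossted post or from the Keycloak project: it reads a realm export (the JSON produced by `kc.sh export` or the admin console's partial export, where each entry of `clients[]` carries `clientId` and `redirectUris`) and flags entries that accept arbitrary, wildcard-host, plaintext or loopback destinations. The embedded realm export is constructed for the example, and the finding labels and heuristics are this script's own rather than Keycloak's matching rules.

```python
import json
from urllib.parse import urlsplit

# Constructed sample realm export (not a real deployment). The keys
# clientId / rootUrl / redirectUris are the ones Keycloak writes in a realm export.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "demo",
    "clients": [
        {"clientId": "billing-app", "rootUrl": "https://billing.example.com",
         "redirectUris": ["https://billing.example.com/oidc/callback"]},
        {"clientId": "legacy-portal", "rootUrl": "",
         "redirectUris": ["*"]},
        {"clientId": "mobile-dev", "rootUrl": "",
         "redirectUris": ["http://localhost:8080/*", "http://127.0.0.1/*",
                          "https://*.example.com/cb"]},
        {"clientId": "intranet", "rootUrl": "",
         "redirectUris": ["http://intranet.example.com/login", "/relative/callback"]},
    ],
})

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def classify_redirect_uri(uri):
    """Return the list of finding labels for one Valid Redirect URI entry.

    Labels are this example's own vocabulary:
      any-destination       - bare wildcard, every redirect target is accepted
      relative-uri          - resolved against rootUrl; check that rootUrl is set and exact
      wildcard-host         - '*' inside the host part, matches attacker-chosen hosts
      wildcard-not-terminal - '*' in the middle of the path, usually a typo or too broad
      plaintext-http        - http:// to a non-loopback host, tokens travel in the clear
      loopback              - localhost/127.0.0.1 entries, normally dev leftovers on prod clients
      non-http-scheme       - custom scheme (native apps); confirm it is intentional
    """
    findings = []
    if uri in ("*", "http://*", "https://*"):
        return ["any-destination"]
    if uri.startswith("/"):
        return ["relative-uri"]
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        findings.append("non-http-scheme")
    if "*" in host:
        findings.append("wildcard-host")
    elif "*" in parts.path and not parts.path.endswith("*"):
        findings.append("wildcard-not-terminal")
    if parts.scheme == "http" and host not in LOOPBACK_HOSTS:
        findings.append("plaintext-http")
    if host in LOOPBACK_HOSTS:
        findings.append("loopback")
    return findings


def audit_realm(export_json):
    """Map clientId -> {redirect URI -> findings} for every client with a finding."""
    realm = json.loads(export_json)
    report = {}
    for client in realm.get("clients", []):
        flagged = {}
        for uri in client.get("redirectUris", []):
            findings = classify_redirect_uri(uri)
            if findings:
                flagged[uri] = findings
        if flagged:
            report[client["clientId"]] = flagged
    return report


if __name__ == "__main__":
    for client_id, entries in audit_realm(SAMPLE_REALM_EXPORT).items():
        print(client_id)
        for uri, findings in entries.items():
            print(f"  {uri}: {', '.join(findings)}")
```

Run it against your own export with `audit_realm(open("realm-export.json").read())`. A client that comes back with `any-destination` or `wildcard-host` should be treated as an open redirect regardless of the Keycloak version; tighten it to exact `https://` callback URLs (a terminal `/*` on a fixed host and path prefix is acceptable) and drop loopback entries from production clients.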