Keycloak: Security Vulnerability Allowing Unchecked Cross-Origin Messages
by the Hossted team
12.06.2024

A high-severity vulnerability, CVE-2024-1249, was found in the “checkLoginIframe” function of the Keycloak OpenID Connect component. The function accepts cross-origin messages without validating where they come from. Attackers can coordinate and send millions of requests in seconds using simple code, which significantly impacts the application’s availability, because incoming messages are not checked for a proper origin. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1249/.
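The pattern behind the issue is a browser "message" listener that acts on every event it receives, whatever its origin. The following is an added example written for this post, not Keycloak's own code: it places an unvalidated handler next to a hardened one that checks event.origin against an allow-list and requires event.source to be the iframe window the page itself created, then replays constructed sample traffic through both and counts how many messages trigger work. The origin "https://keycloak.example.org", the helper names and the sample events are all assumptions made for the example.

```javascript
// Added example (not Keycloak's code). Shows why origin validation matters for
// a window "message" listener such as the one used for session-status polling.
// ALLOWED_ORIGINS is a placeholder for the real Keycloak server origin.
const ALLOWED_ORIGINS = new Set(["https://keycloak.example.org"]);

// Simulated per-message work (in a real client this may be a network request).
// Calls are counted so the effect of origin validation is observable.
function createSessionChecker() {
  let checks = 0;
  return {
    check() { checks += 1; },
    count() { return checks; },
  };
}

function isStatusMessage(data) {
  return data === "changed" || data === "unchanged" || data === "error";
}

// Vulnerable pattern: every message is processed regardless of event.origin.
function makeUnvalidatedHandler(checker) {
  return function onMessage(event) {
    if (isStatusMessage(event.data)) {
      checker.check();
      return true; // processed
    }
    return false;
  };
}

// Hardened pattern: drop messages from any origin not on the allow-list, and
// drop messages whose source is not the iframe window this page created.
function makeValidatedHandler(checker, iframeWindow, allowedOrigins = ALLOWED_ORIGINS) {
  return function onMessage(event) {
    if (!allowedOrigins.has(event.origin)) return false;
    if (event.source !== iframeWindow) return false;
    if (isStatusMessage(event.data)) {
      checker.check();
      return true;
    }
    return false;
  };
}

// Replays MessageEvent-like objects through a handler; returns how many were processed.
function replay(handler, events) {
  let processed = 0;
  for (const ev of events) if (handler(ev)) processed += 1;
  return processed;
}

// Constructed stand-ins for iframe.contentWindow and for an unrelated window.
const iframeWindow = { id: "session-status-iframe" };
const unrelatedWindow = { id: "unrelated-frame" };

// Constructed sample traffic: one legitimate status message from the expected
// origin, followed by a burst of messages from an unrelated origin.
function sampleEvents(burst = 1000) {
  const events = [
    { origin: "https://keycloak.example.org", source: iframeWindow, data: "unchanged" },
  ];
  for (let i = 0; i < burst; i++) {
    events.push({ origin: "https://other-site.example", source: unrelatedWindow, data: "changed" });
  }
  return events;
}

// Runs both handlers over the same traffic and reports the counts.
function demo() {
  const a = createSessionChecker();
  const b = createSessionChecker();
  const unvalidated = replay(makeUnvalidatedHandler(a), sampleEvents(1000));
  const validated = replay(makeValidatedHandler(b, iframeWindow), sampleEvents(1000));
  return {
    unvalidated,                       // 1001: every message triggered work
    validated,                         // 1: only the legitimate message did
    checksUnvalidated: a.count(),
    checksValidated: b.count(),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

In a real page the handler is registered with window.addEventListener("message", handler); the two checks at the top of the validated handler are what keep unrelated origins from driving the session-check work, and they cost nothing on the legitimate path.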