Intel

AIKIDO-2024-10367

keycloak-services is vulnerable to URL Redirection to Untrusted Site ('Open Redirect')

URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-10492
Published Oct 25, 2024

63

Medium Risk

This Affects:

java: keycloak-services
0.0.1 - 22.0.12
Fixed in 22.0.13
24.0.0 - 24.0.7
Fixed in 24.0.8
25.0.0 - 25.0.5
Fixed in 25.0.6

TL;DR

Affected versions of keycloak-services contain an open redirect caused by a misconfiguration in how redirect URIs are validated. An attacker can exploit this flaw by setting a valid redirect URI to http://localhost/ or http://127.0.0.1/, causing the application to redirect users to a malicious location.
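The practical question for an operator is which clients already have a loopback host like http://localhost/ or http://127.0.0.1/ (or a wildcard) registered as a valid redirect URI, since those are the entries the flaw above turns into a redirect target. The following Python audit is an added example, not Keycloak's or Aikido's code: it walks a Keycloak realm export and reports every client whose registered redirect URIs include a loopback host or a wildcard. It assumes the export is JSON with a top-level "clients" array whose entries carry "clientId" and "redirectUris" keys; the sample export embedded below is constructed for the demonstration. Finding such entries is a reason to review the client configuration, not a substitute for upgrading.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a Keycloak realm export. A real export carries many
# more fields per client; only the keys this audit reads are included.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "demo",
    "clients": [
        {"clientId": "web-app",
         "redirectUris": ["https://app.example.com/callback"]},
        {"clientId": "dev-tool",
         "redirectUris": ["http://localhost/",
                          "https://app.example.com/callback"]},
        {"clientId": "legacy",
         "redirectUris": ["http://127.0.0.1:8080/cb",
                          "https://*.example.com/*"]},
        {"clientId": "wildcard-only",
         "redirectUris": ["*"]},
    ],
})

# Hostnames that resolve to the user's own machine; a redirect to one of these
# is controlled by whatever is listening there, not by the identity provider.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def classify_redirect_uri(uri):
    """Return a list of findings for one registered redirect URI.

    An empty list means the entry is an absolute URI with a concrete,
    non-loopback host and no wildcard, which is what a strict exact-match
    policy expects.
    """
    findings = []
    if uri.strip() == "*":
        findings.append("bare wildcard: any destination accepted")
        return findings
    parts = urlsplit(uri)
    # .hostname lowercases the host and strips IPv6 brackets ("[::1]" -> "::1")
    host = (parts.hostname or "").lower()
    if host in LOOPBACK_HOSTS:
        findings.append(
            "loopback host %r registered as a valid redirect target" % host)
    if "*" in parts.netloc:
        findings.append("wildcard in host component")
    if "*" in parts.path:
        findings.append("wildcard in path")
    return findings


def audit_realm_export(export_json):
    """Map clientId -> {redirect_uri: [findings]} for clients with findings."""
    data = json.loads(export_json)
    report = {}
    for client in data.get("clients", []):
        per_uri = {}
        for uri in client.get("redirectUris", []):
            findings = classify_redirect_uri(uri)
            if findings:
                per_uri[uri] = findings
        if per_uri:
            report[client.get("clientId", "<unnamed>")] = per_uri
    return report


if __name__ == "__main__":
    # Replace SAMPLE_REALM_EXPORT with the contents of a real realm export
    # (Realm settings -> Action -> Partial export in the admin console).
    for client_id, per_uri in audit_realm_export(SAMPLE_REALM_EXPORT).items():
        print(client_id)
        for uri, findings in per_uri.items():
            for finding in findings:
                print("  %s: %s" % (uri, finding))
```

The audit is deliberately conservative: a loopback entry is flagged even when it is a deliberate developer convenience, because on an affected version it is exactly the configuration the advisory describes, and a wildcard entry is flagged because it widens the set of acceptable destinations beyond what exact matching would allow.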

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

keycloak-services is vulnerable to URL Redirection to Untrusted Site ('Open Redirect') in versions 0.0.1 - 22.0.12, 24.0.0 - 24.0.7 and 25.0.0 - 25.0.5.

How to fix this

Upgrade the org.keycloak:keycloak-services library to a patched version: 22.0.13, 24.0.8 or 25.0.6, depending on the release line you are on.