A reflected cross-site scripting (XSS) vulnerability was found in the oob OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Keycloak | Redhat | - (including) | - (including) |
Red Hat Single Sign-On 7 | RedHat | keycloak-core | * |
Red Hat Single Sign-On 7.6 for RHEL 7 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso | * |
Red Hat Single Sign-On 7.6 for RHEL 8 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso | * |
Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso | * |
Error pages may include customized 403 Forbidden or 404 Not Found pages. When an attacker can trigger an error that contains script syntax within the attacker’s input, then cross-site scripting attacks may be possible.