CVE-2024-1249

Description

Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8
• https://nvd.nist.gov/vuln/detail/CVE-2024-1249
• https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
• https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
• https://access.redhat.com/errata/RHSA-2024:1860
• https://access.redhat.com/errata/RHSA-2024:1861
• https://access.redhat.com/errata/RHSA-2024:1862
• https://access.redhat.com/errata/RHSA-2024:1864
• https://access.redhat.com/errata/RHSA-2024:1866
• https://access.redhat.com/errata/RHSA-2024:1867
• https://access.redhat.com/errata/RHSA-2024:1868
• https://access.redhat.com/errata/RHSA-2024:2945
• https://access.redhat.com/errata/RHSA-2024:4057
• https://access.redhat.com/security/cve/CVE-2024-1249
• https://bugzilla.redhat.com/show_bug.cgi?id=2262918
• https://github.com/keycloak/keycloak