admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-29 17:51:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/2xxx/CVE-2024-2419.json

142 lines
6.0 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2024-04-01 20:44:27 +00:00
{
"-Synchronized-Data."
2024-04-17 14:00:36 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2024-04-01 20:44:27 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-2419",
"-Synchronized-Data."
2024-04-17 14:00:36 +00:00
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
"-Synchronized-Data."
2024-04-01 20:44:27 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2024-04-17 14:00:36 +00:00
"value": "A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"-Synchronized-Data."
2024-04-17 16:00:32 +00:00
"product_name": "Red Hat build of Keycloak 22",
"-Synchronized-Data."
2024-04-17 14:00:36 +00:00
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"-Synchronized-Data."
2024-04-17 16:00:32 +00:00
"versions": [
{
"version": "22.0.10-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "22-13",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "22-16",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"-Synchronized-Data."
2024-04-17 14:00:36 +00:00
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
"-Synchronized-Data."
2024-04-17 16:00:32 +00:00
{
"url": "https://access.redhat.com/errata/RHSA-2024:1867",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1867"
},
"-Synchronized-Data."
2024-04-17 14:00:36 +00:00
{
"url": "https://access.redhat.com/security/cve/CVE-2024-2419",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-2419"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269371",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2269371"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Taha Marzak for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
"-Synchronized-Data."
2024-04-01 20:44:27 +00:00
}
]
}
}
Reference in New Issue Copy Permalink