CVE-2024-1249

Severity: High
CVSS v3 Base Score: 7.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
EPSS Score: 0.2% (exploitation probability in 30 days)
Top 62% most likely to be exploited

Attack Characteristics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Confidentiality: None
Integrity: None
Availability: High
Published: April 17, 2024 (757 days ago)
Last Modified: April 30, 2026
Vendor: Apache
Source: MITRE

Description

A flaw was found in Keycloak's OIDC component, in the "checkLoginIframe" handler, which accepts cross-origin messages without validating their origin. Because incoming messages are not checked against an expected origin, attackers can use simple code to coordinate and send millions of requests in seconds, significantly impacting the application's availability.
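The mitigation named in the description is origin validation on incoming window messages. The following is an added example, not Keycloak's own code: a "message" listener factory that drops any event whose origin does not exactly match an allowlist, shown beside the substring-style check that lets lookalike origins through. The auth server origin and the event payloads are constructed for the example.

```javascript
// Added example, not Keycloak's code. Demonstrates the origin validation the
// description says was missing: a window "message" listener should act only
// on events whose origin exactly matches an allowlist.

// Weak check seen in many postMessage handlers: a substring match on origin.
// It accepts lookalike origins and is shown here only for contrast.
function weakOriginCheck(origin, expectedHost) {
  return typeof origin === 'string' && origin.indexOf(expectedHost) !== -1;
}

// Strict check: exact match of the full origin (scheme://host[:port]).
function strictOriginCheck(origin, allowedOrigins) {
  return typeof origin === 'string' && allowedOrigins.includes(origin);
}

// Build a handler that drops non-allowlisted messages before any work is done,
// so pages on other origins cannot drive the handler's processing.
function createOriginCheckedHandler(allowedOrigins, onMessage) {
  return function handle(event) {
    if (!strictOriginCheck(event.origin, allowedOrigins)) {
      return { accepted: false, origin: event.origin };
    }
    onMessage(event.data, event.origin);
    return { accepted: true, origin: event.origin };
  };
}

// Demo with constructed events. The auth server origin is an assumption.
function runDemo() {
  const authServer = 'https://keycloak.example.com';
  const processed = [];
  const handler = createOriginCheckedHandler([authServer], (d) => processed.push(d));
  const events = [
    { origin: authServer, data: 'check-session' },                                   // legitimate
    { origin: 'https://keycloak.example.com.lookalike.test', data: 'check-session' }, // lookalike host
    { origin: 'null', data: 'check-session' },                                        // opaque origin
  ];
  return {
    strict: events.map((e) => handler(e).accepted),
    weak: events.map((e) => weakOriginCheck(e.origin, 'keycloak.example.com')),
    processed,
  };
}

// In a browser the handler would be registered as (not run here):
// window.addEventListener('message', createOriginCheckedHandler([authServer], onMessage));
```

Note that an exact-match allowlist also rejects a different port on the same host, which is the intended behaviour: the origin string must match the configured server exactly.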

CWE

CWE-346

Affected Products

Red Hat AMQ Broker 7
Red Hat build of Keycloak 22
Red Hat build of Keycloak 22.0.10
Red Hat Single Sign-On 7.6 for RHEL 7
Red Hat Single Sign-On 7.6 for RHEL 8
Red Hat Single Sign-On 7.6 for RHEL 9
RHEL-8 based Middleware Containers
RHOSS-1.33-RHEL-8
RHSSO 7.6.8
Migration Toolkit for Applications 6

References