{
  "threat_severity" : "Moderate",
  "public_date" : "2024-04-16T00:00:00Z",
  "bugzilla" : {
    "description" : "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow",
    "id" : "2253952",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm, or a client with registration access, to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the entire Keycloak (KC) instance.", "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm, or a client with registration access, to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the entire Keycloak (KC) instance." ],
  "affected_release" : [ {
    "product_name" : "Red Hat AMQ Broker 7",
    "release_date" : "2024-05-21T00:00:00Z",
    "advisory" : "RHSA-2024:2945",
    "cpe" : "cpe:/a:redhat:amq_broker:7.12",
    "package" : "keycloak"
  }, {
    "product_name" : "Red Hat build of Keycloak 22",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1867",
    "cpe" : "cpe:/a:redhat:build_keycloak:22::el9",
    "package" : "rhbk/keycloak-operator-bundle:22.0.10-1"
  }, {
    "product_name" : "Red Hat build of Keycloak 22",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1867",
    "cpe" : "cpe:/a:redhat:build_keycloak:22::el9",
    "package" : "rhbk/keycloak-rhel9:22-13"
  }, {
    "product_name" : "Red Hat build of Keycloak 22",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1867",
    "cpe" : "cpe:/a:redhat:build_keycloak:22::el9",
    "package" : "rhbk/keycloak-rhel9-operator:22-16"
  }, {
    "product_name" : "Red Hat build of Keycloak 22.0.10",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1868",
    "cpe" : "cpe:/a:redhat:build_keycloak:22",
    "package" : "keycloak"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.33.0-5"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-data-index-postgresql-rhel8:1.33.0-5"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.33.0-5"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.33.0-5"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.33.0-5"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-operator-bundle:1.33.0-5"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-rhel8-operator:1.33.0-3"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-swf-builder-rhel8:1.33.0-5"
  }, {
    "product_name" : "RHOSS-1.33-RHEL-8",
    "release_date" : "2024-06-24T00:00:00Z",
    "advisory" : "RHSA-2024:4057",
    "cpe" : "cpe:/a:redhat:openshift_serverless:1.33::el8",
    "package" : "openshift-serverless-1/logic-swf-devmode-rhel8:1.33.0-5"
  }, {
    "product_name" : "RHPAM 7.13.5 async",
    "release_date" : "2024-03-18T00:00:00Z",
    "advisory" : "RHSA-2024:1353",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
  } ],
  "package_state" : [ {
    "product_name" : "Migration Toolkit for Applications 6",
    "fix_state" : "Will not fix",
    "package_name" : "mta/mta-ui-rhel8",
    "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6"
  }, {
    "product_name" : "Migration Toolkit for Applications 7",
    "fix_state" : "Not affected",
    "package_name" : "mta/mta-ui-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_applications:7"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 2",
    "fix_state" : "Affected",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:service_registry:2"
  }, {
    "product_name" : "Red Hat build of Quarkus",
    "fix_state" : "Not affected",
    "package_name" : "org.keycloak/keycloak-core",
    "cpe" : "cpe:/a:redhat:quarkus:2"
  }, {
    "product_name" : "Red Hat build of Quarkus",
    "fix_state" : "Not affected",
    "package_name" : "org.keycloak/keycloak-core",
    "cpe" : "cpe:/a:redhat:quarkus:3"
  }, {
    "product_name" : "Red Hat Data Grid 8",
    "fix_state" : "Will not fix",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8"
  }, {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Fix deferred",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat Developer Hub",
    "fix_state" : "Not affected",
    "package_name" : "rhdh/rhdh-hub-rhel9",
    "cpe" : "cpe:/a:redhat:rhdh:1"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Will not fix",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat JBoss Data Grid 7",
    "fix_state" : "Will not fix",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Out of support scope",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Out of support scope",
    "package_name" : "org.keycloak-keycloak-parent",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Out of support scope",
    "package_name" : "rh-sso7-keycloak",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7",
    "fix_state" : "Not affected",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 8",
    "fix_state" : "Not affected",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "fix_state" : "Not affected",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jbosseapxp"
  }, {
    "product_name" : "Red Hat OpenShift GitOps",
    "fix_state" : "Will not fix",
    "package_name" : "openshift-gitops-1/gitops-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Fix deferred",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  }, {
    "product_name" : "Red Hat Single Sign-On 7",
    "fix_state" : "Affected",
    "package_name" : "rh-sso7-keycloak",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-6717\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6717" ],
  "name" : "CVE-2023-6717",
  "csaw" : false
}