{ "threat_severity" : "Moderate", "public_date" : "2024-09-19T15:13:00Z", "bugzilla" : { "description" : "Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec", "id" : "2312511", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2312511" }, "cvss3" : { "cvss3_base_score" : "6.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-601", "details" : [ "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.", "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking." ], "acknowledgement" : "Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Build of Keycloak", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6888", "cpe" : "cpe:/a:redhat:build_keycloak:22", "package" : "org.keycloak/keycloak-services" }, { "product_name" : "Red Hat Build of Keycloak", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6890", "cpe" : "cpe:/a:redhat:build_keycloak:24", "package" : "org.keycloak/keycloak-services" }, { "product_name" : "Red Hat build of Keycloak 22", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6887", "cpe" : "cpe:/a:redhat:build_keycloak:22::el9", "package" : "rhbk/keycloak-operator-bundle:22.0.13-1" }, { "product_name" : "Red Hat build of Keycloak 22", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6887", "cpe" : "cpe:/a:redhat:build_keycloak:22::el9", "package" : "rhbk/keycloak-rhel9:22-18" }, { "product_name" : "Red Hat build of Keycloak 22", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6887", "cpe" : "cpe:/a:redhat:build_keycloak:22::el9", "package" : "rhbk/keycloak-rhel9-operator:22-21" }, { "product_name" : "Red Hat build of Keycloak 24", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6889", "cpe" : "cpe:/a:redhat:build_keycloak:24::el9", "package" : "rhbk/keycloak-operator-bundle:24.0.8-1" }, { "product_name" : "Red Hat build of Keycloak 24", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6889", "cpe" : "cpe:/a:redhat:build_keycloak:24::el9", "package" : "rhbk/keycloak-rhel9:24-17" }, { "product_name" : "Red Hat build of Keycloak 24", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6889", "cpe" : "cpe:/a:redhat:build_keycloak:24::el9", "package" : "rhbk/keycloak-rhel9-operator:24-17" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10385", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "package" : "org.keycloak/keycloak-services" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8826", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "package" : "org.keycloak/keycloak-services" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10386", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-eap-product-conf-parent-0:800.4.1-1.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10386", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wildfly-0:8.0.4-3.GA_redhat_00007.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-activemq-artemis-0:2.33.0-1.redhat_00015.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-activemq-artemis-native-1:2.0.0-2.redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-aesh-extensions-0:1.8.0-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-aesh-readline-0:2.2.0-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-codec-0:1.16.1-2.redhat_00007.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-collections-0:3.2.2-28.redhat_2.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-io-0:2.15.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-lang-0:3.14.0-2.redhat_00006.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-cxf-0:4.0.5-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-artemis-native-1:2.0.0-2.redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-artemis-wildfly-integration-0:2.0.1-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-asyncutil-0:0.1.0-2.redhat_00010.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-aws-java-sdk-0:1.12.284-2.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-cryptacular-0:1.2.5-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-eap-product-conf-parent-0:800.4.0-1.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-fastinfoset-0:2.1.0-4.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-hibernate-0:6.2.31-1.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-hibernate-validator-0:8.0.1-3.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-hppc-0:0.8.1-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-insights-java-client-0:1.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jakarta-servlet-jsp-jstl-api-0:3.0.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jboss-logging-0:3.5.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jctools-0:4.0.2-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jgroups-0:5.3.10-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-log4j-0:2.22.1-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-narayana-0:6.0.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-nimbus-jose-jwt-0:9.37.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-objectweb-asm-0:9.6.0-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-pem-keystore-0:2.3.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-resteasy-extensions-0:2.0.1-3.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-resteasy-spring-0:3.0.1-2.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-saaj-impl-0:3.0.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-shibboleth-java-support-0:8.0.0-6.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-slf4j-0:2.0.16-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-snakeyaml-0:2.2.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wildfly-0:8.0.4-2.GA_redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10386", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-eap-product-conf-parent-0:800.4.1-1.GA_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10386", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wildfly-0:8.0.4-3.GA_redhat_00007.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-activemq-artemis-0:2.33.0-1.redhat_00015.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-activemq-artemis-native-1:2.0.0-2.redhat_00005.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-aesh-extensions-0:1.8.0-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-aesh-readline-0:2.2.0-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-codec-0:1.16.1-2.redhat_00007.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-collections-0:3.2.2-28.redhat_2.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-io-0:2.15.1-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-lang-0:3.14.0-2.redhat_00006.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-cxf-0:4.0.5-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-artemis-native-1:2.0.0-2.redhat_00005.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-artemis-wildfly-integration-0:2.0.1-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-asyncutil-0:0.1.0-2.redhat_00010.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-aws-java-sdk-0:1.12.284-2.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-cryptacular-0:1.2.5-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-eap-product-conf-parent-0:800.4.0-1.GA_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-fastinfoset-0:2.1.0-4.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-hibernate-0:6.2.31-1.Final_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-hibernate-validator-0:8.0.1-3.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-hppc-0:0.8.1-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-insights-java-client-0:1.1.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jakarta-servlet-jsp-jstl-api-0:3.0.1-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jboss-logging-0:3.5.3-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jctools-0:4.0.2-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jgroups-0:5.3.10-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-log4j-0:2.22.1-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-narayana-0:6.0.3-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-nimbus-jose-jwt-0:9.37.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-objectweb-asm-0:9.6.0-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-pem-keystore-0:2.3.0-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-resteasy-extensions-0:2.0.1-3.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-resteasy-spring-0:3.0.1-2.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-saaj-impl-0:3.0.4-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-shibboleth-java-support-0:8.0.0-6.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-slf4j-0:2.0.16-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-snakeyaml-0:2.2.0-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wildfly-0:8.0.4-2.GA_redhat_00005.1.el9eap" }, { "product_name" : "Red Hat Single Sign-On 7", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6886", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package" : "org.keycloak/keycloak-services" }, { "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6878", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package" : "rh-sso7-keycloak-0:18.0.18-1.redhat_00001.1.el7sso" }, { "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6879", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package" : "rh-sso7-keycloak-0:18.0.18-1.redhat_00001.1.el8sso" }, { "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6880", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package" : "rh-sso7-keycloak-0:18.0.18-1.redhat_00001.1.el9sso" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6882", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rh-sso-7/sso76-openshift-rhel8:7.6-54" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-8883\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-8883\nhttps://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java" ], "name" : "CVE-2024-8883", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }