VDB
RHSA-2023%3A2041
RHSA-2023%3A2041
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 as a component of MTA 6.1 for RHEL 8 | mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64, * |
| Red Hat | mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 as a component of MTA 6.1 for RHEL 8 | mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64, * |
| Red Hat | mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 as a component of MTA 6.1 for RHEL 8 | *, * |
| Red Hat | mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 as a component of MTA 6.1 for RHEL 8 | mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64, * |
| Red Hat | mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 as a component of MTA 6.1 for RHEL 8 | *, mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 |
| Red Hat | mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 as a component of MTA 6.1 for RHEL 8 | *, mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 |
Timeline
- Apr 27, 2023 CVE Published
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:2041 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2138971 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2155682 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2162200 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2170431 issue
- https://issues.redhat.com/browse/MTA-118 advisory
- https://issues.redhat.com/browse/MTA-123 advisory
- https://issues.redhat.com/browse/MTA-129 advisory
- https://issues.redhat.com/browse/MTA-160 advisory
- https://issues.redhat.com/browse/MTA-204 advisory
- https://issues.redhat.com/browse/MTA-256 advisory
- https://issues.redhat.com/browse/MTA-260 advisory
- https://issues.redhat.com/browse/MTA-261 advisory
- https://issues.redhat.com/browse/MTA-263 advisory
- https://issues.redhat.com/browse/MTA-267 advisory
- https://issues.redhat.com/browse/MTA-268 advisory
- https://issues.redhat.com/browse/MTA-279 advisory
- https://issues.redhat.com/browse/MTA-28 advisory
- https://issues.redhat.com/browse/MTA-282 advisory
…and 64 more