VDB

RHSA-2023%3A2041

RHSA-2023%3A2041 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatmta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 as a component of MTA 6.1 for RHEL 8mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64, *
Red Hatmta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 as a component of MTA 6.1 for RHEL 8mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64, *
Red Hatmta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 as a component of MTA 6.1 for RHEL 8*, *
Red Hatmta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 as a component of MTA 6.1 for RHEL 8mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64, *
Red Hatmta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 as a component of MTA 6.1 for RHEL 8*, mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64
Red Hatmta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 as a component of MTA 6.1 for RHEL 8*, mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64

Timeline

  • Apr 27, 2023 CVE Published
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 16, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›