Exploit

CVE-2023-6134

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)

Published: Nov 14, 2023 / Updated: 12mo ago

GitHub Security Advisory: GHSA-cvg2-7c3j-g36j Release Date: 2023-12-18 Update Date: 2023-12-18 Severity: Moderate CVE-2023-6134 Base Score: 4.6 Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Package Information Package: org.keycloak:keycloak-services Affected Versions: Patched Versions: 23.0.3 Description Keycloak prevents certain schemes in redirects, but permits them if a wildcard is appended to the token.

Important: Red Hat Single Sign-On 7.6.7 security update on RHEL 8 A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. 2255027 - keycloak: open redirect via "form_post.jwt" JARM response mode

Multiple vulnerabilities have been found in Hitachi Ops Center Common Services. Product name: Hitachi Ops Center Common Services

In 2020, a blog post was published here about the real-world security implications of a vague specification of the Redirect URI within the OAuth 2.0 RFC1. At that time, I focussed on redirect-based flows. This post uncovers additional protocol-level issues that lead to security vulnerabilities in popular and well-audited SSO implementations such as Authentik (CVE-2024-21637), Keycloak (CVE-2023-6134), and FusionAuth. Notably, the vulnerabilities were identified in the context of the OAuth 2.0 Form Post Response Mode2 and the SAML POST-Binding3 and therefore are not limited to OAuth 2.0 and OpenID Connect, but also affect SAML-based SSO-Flows. In this post, we will dive into specification inaccuracies regarding the use of dangerous pseudo-schemes (JavaScript-URIs) in combination with POST-based SSO flows such as the OAuth 2.0 Form Post Response Mode2 and the SAML POST-Bindings3, resulting in a protocol-level Cross-Site Scripting (XSS) vulnerability pattern.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. The vulnerability allows a remote attacker to gain access to sensitive information.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. The vulnerability allows a remote attacker to gain access to sensitive information.

Vulnerable products: Keycloak, Red Hat SSO . This computer vulnerability announce impacts software or systems such as Keycloak, Red Hat SSO .