CVE-2024-1132

8.1 HIGH

📋 TL;DR

This vulnerability in Keycloak lets attackers bypass URL validation on redirects when a client uses wildcards in its Valid Redirect URIs field. An attacker can construct a malicious request that redirects to unauthorized URLs and exposes sensitive information within the domain. It affects Keycloak deployments where clients have configured wildcard redirect URIs, and it requires the victim to interact with a malicious link.

💻 Affected Systems

Products:
  • Keycloak
Versions: Specific versions not provided in CVE description; check Red Hat advisories for affected versions
Operating Systems: All platforms running Keycloak
Default Config Vulnerable: ✅ No
Notes: Only affects configurations where clients use wildcards in Valid Redirect URIs field

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive information, perform unauthorized actions within the domain, or chain with other vulnerabilities for complete system compromise.

🟠 Likely Case

Attackers could access internal resources, steal session tokens, or perform limited unauthorized actions within the affected domain.

🟢 If Mitigated

With proper input validation and redirect restrictions, impact is limited to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction with a malicious URL and a client configured with wildcard patterns in its Valid Redirect URIs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Red Hat advisories for specific patched versions

Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:1860

Restart Required: Yes

Instructions:

1. Review Red Hat advisories for affected versions.
2. Update Keycloak to the patched version.
3. Restart the Keycloak service.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Remove wildcard redirect URIs (applies to: all)

Replace wildcard patterns in Valid Redirect URIs with specific, fully-qualified URLs.

Implement strict redirect validation (applies to: all)

Add additional validation layers for redirect URLs in application code.

🧯 If You Can't Patch

  • Disable or restrict clients using wildcard redirect URIs
  • Implement WAF rules to detect and block suspicious redirect patterns

🔍 How to Verify

Check if Vulnerable:

Check Keycloak client configurations for wildcard patterns in Valid Redirect URIs field
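The two checks above, auditing client configurations for wildcard Valid Redirect URIs and adding a strict redirect validation layer in application code, as an added example that is not part of this advisory and not Keycloak's own code. It assumes a Keycloak realm export in JSON form, where each entry of the `clients` array carries its Valid Redirect URIs in a `redirectUris` list; the realm export embedded below is constructed for the example, and the `is_allowed_redirect` allowlist check is a hypothetical helper an application could run on a redirect target before following it.

```python
"""Audit a Keycloak realm export for wildcard Valid Redirect URIs and
show an exact-match redirect check usable as an extra validation layer."""
import json
from urllib.parse import urlsplit

# Constructed sample of a Keycloak realm export, reduced to the fields used here.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "example",
    "clients": [
        {"clientId": "portal", "redirectUris": ["https://portal.example.com/*"]},
        {"clientId": "api-docs", "redirectUris": ["https://docs.example.com/oidc/callback"]},
        {"clientId": "legacy", "redirectUris": ["*"]},
        {"clientId": "admin-cli", "redirectUris": []},
    ],
})


def find_wildcard_clients(realm_json: str) -> dict:
    """Return {clientId: [wildcard redirect URIs]} for every client in the
    export whose Valid Redirect URIs contain a '*', i.e. the configuration
    this CVE depends on."""
    realm = json.loads(realm_json)
    findings = {}
    for client in realm.get("clients", []):
        wildcards = [u for u in client.get("redirectUris", []) if "*" in u]
        if wildcards:
            findings[client["clientId"]] = wildcards
    return findings


def normalize(uri: str) -> tuple:
    """Reduce a URI to (scheme, host, port, path, query) so comparison is
    exact and not fooled by case, default ports or a missing root path."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or {"https": 443, "http": 80}.get(scheme)
    path = parts.path or "/"
    return (scheme, host, port, path, parts.query)


def is_allowed_redirect(candidate: str, allowlist: list) -> bool:
    """Strict check (hypothetical application-side layer): the candidate must
    equal one allowlisted URI after normalization. No prefix or wildcard
    matching; userinfo (user:pass@), fragments and non-HTTPS are rejected."""
    try:
        parts = urlsplit(candidate)
        if parts.username or parts.password or parts.fragment:
            return False
        if parts.scheme.lower() != "https":
            return False
        target = normalize(candidate)
    except ValueError:  # e.g. a malformed port
        return False
    return any(target == normalize(allowed) for allowed in allowlist)


if __name__ == "__main__":
    for client_id, uris in find_wildcard_clients(SAMPLE_REALM_EXPORT).items():
        print(f"client {client_id!r} uses wildcard redirect URIs: {uris}")
```

Run the audit against a real export of each realm and treat every reported client as one to reconfigure with fully-qualified URLs. The validator deliberately compares the whole URI, including the query string, against the registered value; a redirect target that differs in host suffix, path, port, scheme or embedded userinfo fails, which is the behaviour a wildcard pattern cannot guarantee.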

Check Version:

Check Keycloak server logs or admin console for version information

Verify Fix Applied:

Verify Keycloak version is updated to patched version and test redirect validation

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns
  • Failed redirect validation attempts
  • Requests with crafted redirect parameters

Network Indicators:

  • Suspicious redirect chains
  • Requests to unexpected URLs following authentication

SIEM Query:

Search for redirect parameters containing wildcards or unusual patterns in web server logs

🔗 References
