CVE-2024-1249

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

Published: Apr 17, 2024
Updated: May 4, 2025
CVE: CVE-2024-1249
GHSA: GHSA-m6q9-p373-g5q8
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CWEs:

CWE-346

Affected Software
References

Software	From	Fixed in
org.keycloak / keycloak-services	-	22.0.10
org.keycloak / keycloak-services	23.0.0	24.0.3

https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:2945
https://access.redhat.com/errata/RHSA-2024:4057
https://access.redhat.com/errata/RHSA-2025:9582
https://access.redhat.com/errata/RHSA-2025:9583
https://access.redhat.com/security/cve/CVE-2024-1249
https://bugzilla.redhat.com/show_bug.cgi?id=2262918
https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8

Vulnerability Database

289,599

CVE-2024-1249