Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2024-1249
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
| Software | From | Fixed in |
|---|---|---|
org.keycloak / keycloak-services
|
- | 22.0.10 |
|
org.keycloak / keycloak-services
|
23.0.0 | 24.0.3 |
- https://access.redhat.com/errata/RHSA-2024:1860
- https://access.redhat.com/errata/RHSA-2024:1861
- https://access.redhat.com/errata/RHSA-2024:1862
- https://access.redhat.com/errata/RHSA-2024:1864
- https://access.redhat.com/errata/RHSA-2024:1866
- https://access.redhat.com/errata/RHSA-2024:1867
- https://access.redhat.com/errata/RHSA-2024:1868
- https://access.redhat.com/errata/RHSA-2024:2945
- https://access.redhat.com/errata/RHSA-2024:4057
- https://access.redhat.com/errata/RHSA-2025:9582
- https://access.redhat.com/errata/RHSA-2025:9583
- https://access.redhat.com/security/cve/CVE-2024-1249
- https://bugzilla.redhat.com/show_bug.cgi?id=2262918
- https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26
- https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2
- https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime