CVE-2024-1249

7.4 HIGH

Published: April 17, 2024 Modified: April 15, 2026

Description

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:1860

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1861

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1862

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1864

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1866

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1867

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1868

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2945

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:4057

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-1249

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2262918

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1860

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1861

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1862

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1864

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1866

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1867

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:1868

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2945

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:4057

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2024-1249

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=2262918

Source: af854a3a-2127-422b-91ae-364da2661108

22 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.4 / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-346

Related CVEs

CVE-2026-40962 4.9

CVE-2026-40505 3.3

CVE-2026-40504 9.8

CVE-2026-3299 6.4

CVE-2026-40960 8.1