Uploaded image for project: 'Migration Toolkit for Applications'
  1. Migration Toolkit for Applications
  2. MTA-5773

CVE-2024-1249 mta-ui-container: keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [mta-7]

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • False
    • None

      Security Tracking Issue

      Do not make this issue public.

      Impact: Important
      Reported Date: 06-Feb-2024
      Resolve Bug By: 06-Apr-2024

      In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then.

      Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9kKpDw

      Flaw:

      an issue is discovered with the jsonpointer library, and it was fixed in version 0.19.5, as well as there is an issue with the openapi3 dependency and was fixed in version 0.108.0. lastly protobuf was found to have issues in version 1.25.0 and was fixed in version 1.30.0

              midays mohamed idays
              midays mohamed idays
              mohamed idays mohamed idays
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: