CVE-2023-6134: 
Java vulnerability analysis and mitigation

A security vulnerability (CVE-2023-6134) was discovered in Keycloak that allows bypass of redirect scheme restrictions when a wildcard is appended to the token. This vulnerability was identified as an incomplete fix for CVE-2020-10748 and was disclosed on December 14, 2023. The flaw affects various versions of Red Hat Single Sign-On and Red Hat build of Keycloak products (Red Hat Advisory).

The vulnerability is related to the redirect_uri validation logic in Keycloak's authentication system. The flaw allows certain schemes in redirects that should be blocked if a wildcard is appended to the token. This vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N by NIST NVD, while Red Hat assigned it a score of 4.6 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N (NVD).

The vulnerability could allow an attacker to submit specially crafted requests leading to cross-site scripting (XSS) attacks or potentially further malicious activities. The impact is particularly concerning as it affects the authentication and single sign-on capabilities of web and mobile applications using affected Keycloak versions (Red Hat Bugzilla).

Red Hat has released security updates to address this vulnerability across multiple products. Updates are available for Red Hat Single Sign-On 7.6.6 and Red Hat build of Keycloak 22.0.7. Users are advised to upgrade to the patched versions. The fix has been distributed through multiple security advisories including RHSA-2023:7854, RHSA-2023:7855, RHSA-2023:7856, and others (Red Hat Advisory).