Path Traversal in Red Hat Migration Toolkit For Runtimes 1 On RHEL 8
CVE-2024-1132
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.016 (71.9th percentile)
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N.
Affected products
- Red Hat Migration Toolkit For Runtimes 1 On RHEL 8 — versions 1.2-23, 1.2-15, 1.2-16
- Red Hat Mta-6.2-rhel-9 — versions 6.2.3-2
- Red Hat AMQ Broker 7
- Red Hat Build Of Apicurio Registry 2
- Red Hat Build Of Keycloak 22 — versions 22.0.10-1, 22-13, 22-16
- Red Hat Build Of Keycloak 22.0.10
- Red Hat Build Of Quarkus
- Red Hat Data Grid 8
- Red Hat Decision Manager 7
- Red Hat Fuse 7
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2024-1132?
- CVE-2024-1132 is a high-severity vulnerability in Red Hat Migration Toolkit For Runtimes 1 On RHEL 8, classified under Path Traversal. CVSS score: 8.1/10. Published 2024-04-17.
- How severe is CVE-2024-1132?
- High severity. CVSS v3 base score is 8.1 out of 10.