CVE-2024-1249

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-346
View all →

Vulnerability Description

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

Related Vulnerabilities

CVE-2019-7399

HIGH
CVSS:7.4(High)

Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.

CWE-3462019

CVE-2019-9764

HIGH
CVSS:7.4(High)

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actu...

CWE-3462019

CVE-2019-9803

HIGH
CVSS:7.4(High)

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrect...

CWE-3462019

CVE-2024-11602

HIGH
CVSS:7.4(High)

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins...

CWE-3462024

CVE-2024-28883

HIGH
CVSS:7.4(High)

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software vers...

CWE-3462024

CVE-2024-7819

HIGH
CVSS:7.4(High)

A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs due to improper validati...

CWE-3462024