A vulnerability was found in Keycloak and classified as problematic. This issue affects the function
checkLoginIframe
. The manipulation leads to permissive cross-domain policy with untrusted domains.
The identification of this vulnerability is CVE-2024-1249. Access to the local network is required for this attack. There is no exploit available.