A flaw was found in Keycloak's OIDC component in "checkLoginIframe", which accepts cross-origin messages without validating them. Because incoming messages are not checked for their origin, attackers can, with simple code, coordinate the sending of millions of requests in seconds, significantly impacting the application's availability.
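An added example, not Keycloak's own code, of the kind of origin validation the description says is missing: a `message` event handler that drops cross-origin messages whose origin is not on an allowlist, next to the unvalidated variant, driven by a constructed burst of messages so the difference in work done is visible. `ALLOWED_ORIGINS`, `makeHandler` and `simulate` are assumed names for this illustration.

```javascript
// Added example (not Keycloak's code). Demonstrates why a postMessage
// handler inside a login-status iframe must check event.origin.

// Constructed allowlist: the only origins this iframe should accept messages from.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Build a handler; validateOrigin=false reproduces the unvalidated pattern,
// validateOrigin=true is the hardened version. stats records the work done.
function makeHandler({ validateOrigin }) {
  const stats = { processed: 0, rejected: 0 };
  return {
    stats,
    onMessage(event) {
      // Hardened pattern: refuse anything not sent from an allowlisted origin.
      if (validateOrigin && !ALLOWED_ORIGINS.has(event.origin)) {
        stats.rejected++;
        return;
      }
      // Require the expected message shape before doing any further work.
      if (typeof event.data !== "string" || event.data.length === 0) {
        stats.rejected++;
        return;
      }
      stats.processed++; // stands in for the session-status work the iframe performs
    },
  };
}

// Constructed burst: hostileCount messages from an untrusted origin, then one
// legitimate message. Returns the handler's counters for inspection.
function simulate(validateOrigin, hostileCount) {
  const handler = makeHandler({ validateOrigin });
  for (let i = 0; i < hostileCount; i++) {
    handler.onMessage({ origin: "https://untrusted.example", data: "client-id session-state" });
  }
  handler.onMessage({ origin: "https://app.example.com", data: "client-id session-state" });
  return handler.stats;
}

// In a browser the hardened handler would be registered like this.
if (typeof window !== "undefined") {
  window.addEventListener("message", makeHandler({ validateOrigin: true }).onMessage);
}
```

Run under Node, `simulate(false, 1000)` reports every hostile message as processed, while `simulate(true, 1000)` processes only the single allowlisted one.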
https://access.redhat.com/errata/RHSA-2024:4057
https://access.redhat.com/errata/RHSA-2024:2945
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1862