Описание
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| keycloak | itp | package |
EPSS
Процентиль: 1%
0.00011
Низкий
Связанные уязвимости
CVSS3: 2.7
redhat
2 месяца назад
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
CVSS3: 2.7
nvd
около 2 месяцев назад
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
CVSS3: 2.7
github
около 2 месяцев назад
Keycloak Server-Side Request Forgery (SSRF) vulnerability
EPSS
Процентиль: 1%
0.00011
Низкий