Description
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| keycloak | itp | | | package |
EPSS
Percentile: 6%
0.00024
Low
Related vulnerabilities
CVSS3: 2.7
nvd
6 days ago
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
CVSS3: 2.7
github
6 days ago
Keycloak Server-Side Request Forgery (SSRF) vulnerability