Description
A flaw was found in JBOSS Keycloak 3.2.1.Final. The redirect URL for both login and logout is not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect URL is verified. This can lead to an open redirection attack.
Vulnerable configurations
Configuration 1
cpe:2.3:a:redhat:keycloak:3.2.1:*:*:*:*:*:*:*
EPSS: 0.0024 (percentile: 47%, Low)
CVSS3: 6.1 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-601
Related vulnerabilities
CVSS3: 6.1
redhat
about 7 years ago
A flaw was found in JBOSS Keycloak 3.2.1.Final. The redirect URL for both login and logout is not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect URL is verified. This can lead to an open redirection attack.
CVSS3: 6.1
debian
about 7 years ago
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for b ...