CVE-2020-10734

Опубликовано: 11 фев. 2021

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1831662
Issue Tracking
Vendor Advisory
https://issues.redhat.com/browse/KEYCLOAK-13653
Permissions Required
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1831662
Issue Tracking
Vendor Advisory
https://issues.redhat.com/browse/KEYCLOAK-13653
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*

cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.0002

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2020-10734

CVSS3: 3.3

redhat

почти 5 лет назад

CVE-2020-10734

CVSS3: 3.3

debian

почти 5 лет назад

A vulnerability was found in keycloak in the way that the OIDC logout ...

GHSA-rvjg-gxwx-j5gf

CVSS3: 3.3

github

почти 4 года назад

OIDC Logout redirect in keycloak

EPSS

Процентиль: 4%

0.0002

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-352