Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1697

Опубликовано: 10 фев. 2020
Источник: nvd
CVSS3: 6.1
CVSS3: 5.4
CVSS2: 3.5
EPSS Низкий

Описание

It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Версия до 9.0.0 (исключая)
Конфигурация 2
cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 51%
0.00283
Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79

Связанные уязвимости

redhat логотип

CVE-2020-1697

CVSS3: 6.1
redhat
около 6 лет назад

It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

debian логотип

CVE-2020-1697

CVSS3: 6.1
debian
почти 6 лет назад

It was found in all keycloak versions before 9.0.0 that links to exter ...

github логотип

GHSA-8vf3-4w62-m3pq

CVSS3: 5.4
github
почти 6 лет назад

XSS in Keycloak

EPSS

Процентиль: 51%
0.00283
Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79