Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1723

Опубликовано: 28 янв. 2021
Источник: nvd
CVSS3: 6.1
CVSS2: 5.8
EPSS Низкий

Описание

A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:keycloak_gatekeeper_project:keycloak_gatekeeper:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:keycloak_gatekeeper_project:keycloak_gatekeeper:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:mobile_application_platform:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 36%
0.00155
Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601
CWE-601

Связанные уязвимости

redhat логотип

CVE-2020-1723

CVSS3: 4.3
redhat
около 5 лет назад

A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0

debian логотип

CVE-2020-1723

CVSS3: 6.1
debian
около 5 лет назад

A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint ...

github логотип

GHSA-xf65-pwfc-rxcm

CVSS3: 4.3
github
больше 3 лет назад

The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable.

EPSS

Процентиль: 36%
0.00155
Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601
CWE-601