exploitDog

CVE-2020-1727

Published: 22 Jun 2020
Source: nvd
CVSS3: 6.4
CVSS3: 5.4
CVSS2: 5.5
EPSS: Low

Description

A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.

Vulnerable configurations

Configuration 1
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Versions before 9.0.2 (excluding)

EPSS

Percentile: 40%
0.00184
Low

6.4 Medium

CVSS3

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 6.4
redhat
more than 5 years ago

A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.

CVSS3: 6.4
debian
more than 5 years ago

A vulnerability was found in Keycloak before 9.0.2, where every Author ...

github
more than 3 years ago

A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
