Description
A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name].
References
- Issue Tracking, Patch, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:redhat:keycloak:9.0.13:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4.7:*:*:*:*:*:*:*
EPSS
Percentile: 16%
Score: 0.00052 (Low)
CVSS3: 7.1 High
CVSS2: 3.3 Low
Weaknesses
CWE-613
Related vulnerabilities
CVSS3: 7.1
redhat
almost 5 years ago
A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name].
CVSS3: 7.1
debian
almost 4 years ago
A flaw was found in keycloak where keycloak may fail to logout user se ...