Описание
Rejected reason: The originally reported issue in https://github.com/syedsohaibkarim/OpenRedirect-Keycloak18.0.0 is a known misconfiguration, and recommendation already exists in the Keycloak documentation to mitigate the issue: https://www.keycloak.org/docs/latest/server_admin/index.html#open-redirectors.
Связанные уязвимости
redhat
больше 3 лет назад
[REJECTED CVE] An open redirection vulnerability (open redirect) exists in keycloak auth endpoint. URL can be mentioned as the value of redirect_uri query parameter and it successfully redirects to it.
CVSS3: 6.1
github
почти 3 года назад
keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter.