Описание
A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.
Ссылки
EPSS
7.1 High
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.
A flaw was found in Keycloak's redirect_uri validation logic. This iss ...
Keycloak path traversal vulnerability in the redirect validation
EPSS
7.1 High
CVSS3