Описание
A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments, potentially bypassing proxy-level path filtering. This could expose administrative or sensitive endpoints that operators believe are not externally reachable.
EPSS
Процентиль: 10%
0.00036
Низкий
3.7 Low
CVSS3
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 3.7
debian
23 дня назад
A flaw was found in Keycloak. This improper input validation vulnerabi ...
CVSS3: 3.7
github
23 дня назад
Keycloak has an improper input validation vulnerability
EPSS
Процентиль: 10%
0.00036
Низкий
3.7 Low
CVSS3
Дефекты
CWE-20