Description
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
It was identified that the login redirect implementation provided by JBoss KeyCloak did not validate the redirect URL. A remote attacker could use this flaw to conduct phishing attacks by redirecting users to arbitrary websites.
Statement
This issue does not affect any supported Red Hat products.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | mobile | Not affected | | |
Additional information
Status: Low
Defect: CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=1144281 KeyCloak: Open redirect vulnerability
EPSS: 0.00219 (percentile: 44%), Low
CVSS2: 2.6 Low
Related vulnerabilities
CVSS3: 6.1
nvd
about 6 years ago
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.