Description
A flaw was found in JBoss Keycloak 3.2.1.Final. The redirect URL for both login and logout is not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect URL is verified against the client's registered URIs. This can lead to an open redirection attack.
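As an added illustration of the class of check the description refers to (this is not Keycloak's RedirectUtils code), the Python below canonicalizes a redirect URI before matching it against a client's registered URIs, so that dot segments, case, default ports and percent-encoding cannot make an unregistered target pass a prefix check. The allow-list, host names and the trailing "/*" wildcard rule are assumptions.

```python
import posixpath
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed allow-list for a hypothetical client. A trailing "/*" is a
# path-level wildcard, as many OIDC providers allow in client registration.
REGISTERED = ["https://app.example.com/app/*", "https://app.example.com/logout-done"]
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_redirect_uri(uri):
    """Canonicalize a redirect URI, or return None if it is malformed.
    Resolves dot segments (also percent-encoded ones), lowercases scheme and
    host, drops default ports and fragments, and rejects backslashes and
    userinfo, which browsers and servers parse inconsistently."""
    if "\\" in uri:
        return None
    p = urlsplit(uri)                    # urlsplit lowercases scheme and host
    try:
        port = p.port                    # raises ValueError on a bad port
    except ValueError:
        return None
    if p.scheme not in DEFAULT_PORTS or not p.hostname or p.username is not None:
        return None
    path = posixpath.normpath(unquote(p.path or "/"))   # "/app/../x" -> "/x"
    path = "/" + path.lstrip("/")                        # normpath keeps "//"
    if p.path.endswith("/") and not path.endswith("/"):
        path += "/"                                      # normpath strips it
    netloc = p.hostname
    if port and port != DEFAULT_PORTS[p.scheme]:
        netloc += f":{port}"
    return urlunsplit((p.scheme, netloc, path, p.query, ""))


def is_allowed_redirect(uri, registered=REGISTERED):
    """Normalize first, then match; return the canonical URI to redirect to,
    or None. Matching the raw string instead would let "/app/../elsewhere"
    pass a prefix check for "/app/*" and land on an unregistered path."""
    n = normalize_redirect_uri(uri)
    if n is None:
        return None
    for pattern in registered:
        if pattern.endswith("/*"):
            prefix = normalize_redirect_uri(pattern[:-1])  # keeps the "/"
            if prefix and (n.startswith(prefix) or n == prefix[:-1]):
                return n
        elif n == normalize_redirect_uri(pattern):
            return n
    return None
```

The caller should issue the redirect to the returned canonical form, not to the raw parameter value, so the URI that was checked is the one the browser follows.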
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Will not fix | | |
| Red Hat Mobile Application Platform 4 | keycloak | Out of support scope | | |
| Red Hat Single Sign-On 7.2.5 zip | | Fixed | RHSA-2018:3595 | 13.11.2018 |
| Red Hat Single Sign-On 7.2 for RHEL 6 | rh-sso7-keycloak | Fixed | RHSA-2018:3592 | 13.11.2018 |
| Red Hat Single Sign-On 7.2 for RHEL 7 | rh-sso7-keycloak | Fixed | RHSA-2018:3593 | 13.11.2018 |
Additional information
Status: Moderate
Weakness: CWE-601
Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1625409 (keycloak: Open Redirect in Login and Logout)
CVSS3: 6.1 (Medium)
Related vulnerabilities
- nvd (CVSS3: 6.1, about 7 years ago): A flaw was found in JBoss Keycloak 3.2.1.Final. The redirect URL for both login and logout is not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect URL is verified. This can lead to an open redirection attack.
- debian (CVSS3: 6.1, about 7 years ago): A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for b ...