
CVE-2020-10734

Published: 10 Feb 2021
Source: redhat
CVSS3: 3.3

Description

A vulnerability was found in Keycloak: the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-On 7, and Red Hat OpenShift Application Runtimes are believed to be vulnerable.

A flaw was found in keycloak. The OIDC logout endpoint does not have CSRF protection. The highest threat from this vulnerability is to system availability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Affected | | |
| Red Hat OpenShift Application Runtimes | keycloak | Affected | | |
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Affected | | |
| Red Hat support for Spring Boot | keycloak | Fix deferred | | |


Additional information

Status: Low
Defect: CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1831662 (keycloak: OIDC logout endpoint CSRF)


Related vulnerabilities

CVSS3: 3.3
nvd
almost 5 years ago

A vulnerability was found in Keycloak: the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-On 7, and Red Hat OpenShift Application Runtimes are believed to be vulnerable.

CVSS3: 3.3
debian
almost 5 years ago

A vulnerability was found in keycloak in the way that the OIDC logout ...

CVSS3: 3.3
github
almost 4 years ago

OIDC Logout redirect in keycloak
