Description
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | keycloak | Not affected | | |
| Red Hat Fuse 7 | keycloak | Not affected | | |
| Red Hat OpenShift Application Runtimes | keycloak | Not affected | | |
| Red Hat Process Automation 7 | keycloak | Not affected | | |
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Affected | | |
| Red Hat support for Spring Boot | keycloak | Not affected | | |
| Red Hat Single Sign-On 7.4.1 | | Fixed | RHSA-2020:2813 | 02.07.2020 |
Additional information
Status:
Moderate
Weakness:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1836786
keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697)
EPSS: 0.00271 (percentile: 50%, Low)
CVSS3: 6.1 Medium
Related vulnerabilities
- nvd (CVSS3: 6.1, more than 5 years ago): A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
- debian (CVSS3: 6.1, more than 5 years ago): A flaw was found in Keycloak's data filter, in version 10.0.1, where i ...