Описание
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
A flaw was found in Keycloak, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Affected | ||
| Red Hat OpenShift Application Runtimes | keycloak | Affected | ||
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Affected | ||
| Red Hat Runtimes Spring Boot 2.2.6 | keycloak | Fixed | RHSA-2020:2252 | 01.06.2020 |
| Red Hat Single Sign-On 7.4.0 | Fixed | RHSA-2020:5625 | 17.12.2020 | |
| Text-Only RHOAR | Fixed | RHSA-2020:2905 | 23.07.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.4 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
A vulnerability was found in Keycloak before 9.0.2, where every Author ...
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
EPSS
6.4 Medium
CVSS3