Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zcWgyLW1jY2MtcTVtNs4AARNF
Keycloak Open Redirect
A flaw was found in JBOSS Keycloak 3.2.1.Final. The redirect URLs for both login and logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect URL is verified. This can lead to an open redirection attack.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcWgyLW1jY2MtcTVtNs4AARNF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-3qh2-mccc-q5m6, CVE-2018-14658
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-14658
- https://access.redhat.com/errata/RHSA-2018:3592
- https://access.redhat.com/errata/RHSA-2018:3593
- https://access.redhat.com/errata/RHSA-2018:3595
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658
- https://github.com/advisories/GHSA-3qh2-mccc-q5m6
Affected Packages
maven:org.keycloak:keycloak-core
Dependent packages: 376
Dependent repositories: 1,153
Affected Version Ranges: <= 3.2.1.Final
No known fixed version