PT-2020-12319 · Red Hat · Keycloak
Published
2020-11-17
·
Updated
2022-02-09
·
CVE-2020-10776
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Keycloak versions prior to 12.0.0
Description
A flaw was found in Keycloak where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a cross-site scripting (XSS) attack.
Recommendations
For versions prior to 12.0.0, update to version 12.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the redirect_uri parameter to minimize the risk of exploitation.
Fix
XSS
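The root cause described above is a redirect target validator that accepts URI schemes other than web ones, so a registered or supplied redirect_uri such as a javascript: or data: URI becomes a script-execution sink. The following is an added, stand-alone illustration of scheme allow-listing for redirect targets; it is not Keycloak's own validator and not code from the advisory. The SAFE_SCHEMES policy, the REGISTERED_URIS list and the wildcard rule (a trailing `*` in a registered entry's path matches any path prefix on the identical origin, nothing else) are constructed assumptions for the example. It also rejects fragments, control characters and userinfo in the target, edge cases that go beyond the scheme check the advisory names.

```python
"""Redirect-URI scheme allow-listing (added example, not Keycloak code).

A redirect target is accepted only if it uses an allow-listed web scheme,
carries a host, and matches a registered entry by exact origin plus
path.  Registered entries are validated with the same parser, so an
unsafe scheme cannot be registered either.
"""
import re
from urllib.parse import urlsplit

# Constructed policy: only web schemes may be redirected to.
SAFE_SCHEMES = frozenset({"https", "http"})

# Constructed sample of an operator's "valid redirect URIs" list.  The
# third entry is deliberately unsafe to show that it authorises nothing.
REGISTERED_URIS = [
    "https://app.example.com/*",
    "https://portal.example.com/callback",
    "javascript:alert(1)",
]

# Any C0 control character, space or DEL anywhere in the URI is rejected
# before parsing, so scheme-splitting tricks like "java\tscript:" never
# depend on the parser's whitespace handling.
_UNSAFE_CHARS = re.compile(r"[\x00-\x20\x7f]")


def parse_web_uri(uri):
    """Return (scheme, origin, path) for a well-formed web URI, else None.

    origin is the lower-cased host[:port].  Rejected outright: disallowed
    schemes, missing host, userinfo (RFC 3986 "user@host" confusion), and
    a fragment (RFC 6749 section 3.1.2 forbids fragments in redirect URIs).
    """
    if not uri or _UNSAFE_CHARS.search(uri):
        return None
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()  # urlsplit already lower-cases, kept explicit
    if scheme not in SAFE_SCHEMES:
        return None
    if not parts.hostname or parts.username is not None or parts.fragment:
        return None
    return scheme, parts.netloc.lower(), parts.path or "/"


def is_registered(uri, registered=REGISTERED_URIS):
    """True when uri is an acceptable redirect target under `registered`.

    Origins must match exactly, so "https://app.example.com/*" can never
    authorise "https://app.example.com.evil/".  Query strings are ignored
    for matching purposes (the authorization code is appended there).
    """
    target = parse_web_uri(uri)
    if target is None:
        return False
    t_scheme, t_origin, t_path = target
    for entry in registered:
        wildcard = entry.endswith("*")
        parsed = parse_web_uri(entry[:-1] if wildcard else entry)
        if parsed is None:
            continue  # an unsafe registration never authorises anything
        e_scheme, e_origin, e_path = parsed
        if (t_scheme, t_origin) != (e_scheme, e_origin):
            continue
        if wildcard:
            if t_path.startswith(e_path):
                return True
        elif t_path == e_path:
            return True
    return False


if __name__ == "__main__":
    # Constructed probes: the first two are legitimate, the rest must fail.
    for candidate in [
        "https://app.example.com/cb?code=abc",
        "https://portal.example.com/callback",
        "javascript:alert(1)",
        "JavaScript:alert(document.cookie)",
        "data:text/html,x",
        "https://app.example.com.evil/cb",
        "https://evil@app.example.com/cb",
        "https://app.example.com/cb#frag",
        "//app.example.com/cb",
    ]:
        print(f"{'ALLOW' if is_registered(candidate) else 'DENY ':5} {candidate!r}")
```

The important design choice is that the same parser gates both the registered list and the runtime redirect_uri: an allow-list that can itself contain javascript: entries is exactly the failure mode the advisory describes, and comparing origins exactly (rather than as string prefixes) keeps a wildcard entry from matching look-alike hosts.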
Weakness Enumeration
Related Identifiers
Affected Products
Keycloak