CVE-2020-1727

Name of the Vulnerable Software and Affected Versions Keycloak versions prior to 9.0.2

Description A flaw was found in the input validation of Authorization URLs pointing to an IDP server, allowing a wide range of characters. This issue enables a malicious actor to craft deep links, introducing further attack scenarios on affected clients.

Recommendations For versions prior to 9.0.2, update to version 9.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of Authorization URLs that point to an IDP server to minimize the risk of exploitation.