A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-11-13T19:00:00

Updated: 2024-08-05T09:38:13.033Z

Reserved: 2018-07-27T00:00:00

Link: CVE-2018-14658

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-11-13T19:29:00.370

Modified: 2024-11-21T03:49:31.720

Link: CVE-2018-14658

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-11-13T17:38:00Z

Links: CVE-2018-14658 - Bugzilla