A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-11-13T19:00:00
Updated: 2024-08-05T09:38:13.033Z
Reserved: 2018-07-27T00:00:00
Link: CVE-2018-14658
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-11-13T19:29:00.370
Modified: 2024-11-21T03:49:31.720
Link: CVE-2018-14658
Redhat