keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-01-11T16:58:10.434Z
Updated: 2024-08-03T01:20:57.802Z
Reserved: 2022-10-31T20:17:27.732Z
Link: CVE-2022-3782
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-13T06:15:11.187
Modified: 2024-11-21T07:20:13.763
Link: CVE-2022-3782
Redhat