A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-14T21:42:12.160Z

Updated: 2024-11-23T03:37:59.109Z

Reserved: 2023-11-14T18:50:13.535Z

Link: CVE-2023-6134

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-14T22:15:44.087

Modified: 2024-11-21T08:43:12.193

Link: CVE-2023-6134

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-14T00:00:00Z

Links: CVE-2023-6134 - Bugzilla