CVE-2018-14658

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-14658

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14658.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-14658

Aliases

GHSA-3qh2-mccc-q5m6

Related

Published

2018-11-13T19:29:00Z

Modified

2024-09-02T23:31:18Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type: GIT
Repo: https://github.com/keycloak/keycloak
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

237d51429bc3b14ee54a78c41c0dbdfd3990ff01