CVE-2014-3652Open Redirect in Keycloak

CWE-601Open Redirect5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 55.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jboss KeycloakRedhat Keycloak
Timeline
PublishedDec 15
Latest updateMay 17

Description

JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5jboss_keycloak/jboss_keycloakthrough 2014-09-19
NVDredhat/keycloak1.0.1

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
JBoss KeyCloak Open Redirect2022-05-17
OSV
JBoss KeyCloak Open Redirect2022-05-17
CVEList
CVE-2014-3652: JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL2019-12-15

💬Community

1
Bugzilla
CVE-2014-3652 JBoss KeyCloak: Open redirect vulnerability2014-09-19
CVE-2014-3652 — Open Redirect in Jboss Keycloak | cvebase