CVE-2018-14658: Open Redirect in RED HAT Keycloak (cvebase)

CWE-601 Open Redirect (6 documents, 6 sources)

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 52.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2018-11-13; latest update 2022-05-13

Description

A flaw was found in JBoss Keycloak 3.2.1.Final. The redirect URL for both login and logout is not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before it is verified against the client's registered redirect URIs, so a URL that differs from an allowed one only before normalization can pass the check. This can lead to an open redirect attack.
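The description's point, that a redirect URL must be normalized before it is compared with the registered redirect URIs, as an added Python example. This is not Keycloak's code (RedirectUtils is Java and is not reproduced here) and it does not claim to show the exact input that affected Keycloak; it contrasts a raw-string allow-list check with one that canonicalises first. The registered URI, the wildcard semantics ("this path and anything below it") and the candidate inputs are constructed for the example.

```python
"""Added example (not Keycloak's code): redirect_uri verification with and
without normalization, illustrating the CWE-601 bug class in the description."""
from posixpath import normpath
from urllib.parse import urlsplit, urlunsplit

# Constructed allow-list in the style of a client's registered redirect URIs.
# A trailing '*' is taken to mean "this path and anything below it".
REGISTERED_REDIRECT_URIS = ["https://app.example.com/callback/*"]

_DEFAULT_PORTS = {"http": 80, "https": 443}


def verify_without_normalization(redirect_uri, registered=REGISTERED_REDIRECT_URIS):
    """The buggy pattern: compare the raw string with the allow-list.
    Dot segments, case and default ports are never resolved, so a value such
    as '<base>/../evil' passes the prefix test although it resolves elsewhere."""
    for pattern in registered:
        if pattern.endswith("*"):
            if redirect_uri.startswith(pattern[:-1]):
                return True
        elif redirect_uri == pattern:
            return True
    return False


def normalize_redirect_uri(redirect_uri):
    """Canonicalise an absolute http(s) URL before it is verified:
    lower-case scheme and host, drop default ports, resolve '.' and '..'
    segments, strip the fragment. Rejects userinfo ('user@host' tricks) and
    anything that is not an absolute http(s) URL by raising ValueError.
    Percent-encoded octets are deliberately left untouched (see the note)."""
    parts = urlsplit(redirect_uri)
    scheme = parts.scheme.lower()
    if scheme not in _DEFAULT_PORTS or not parts.hostname:
        raise ValueError("redirect_uri must be an absolute http(s) URL")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed in redirect_uri")
    port = parts.port  # raises ValueError itself on a malformed port
    netloc = parts.hostname.lower()
    if port is not None and port != _DEFAULT_PORTS[scheme]:
        netloc = f"{netloc}:{port}"
    path = normpath(parts.path or "/")
    if parts.path.endswith("/") and path != "/":
        path += "/"  # normpath drops the trailing slash; it is significant, keep it
    return urlunsplit((scheme, netloc, path, parts.query, ""))


def verify_with_normalization(redirect_uri, registered=REGISTERED_REDIRECT_URIS):
    """The hardened pattern: normalise both sides, then match on a path
    boundary so that '/callback/' does not also admit '/callbackevil'."""
    try:
        candidate = normalize_redirect_uri(redirect_uri)
    except ValueError:
        return False
    for pattern in registered:
        if pattern.endswith("*"):
            base = normalize_redirect_uri(pattern[:-1])
            if candidate == base or candidate.startswith(base.rstrip("/") + "/"):
                return True
        elif candidate == normalize_redirect_uri(pattern):
            return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a legitimate callback, the generic dot-segment case
    # that only the raw check accepts, and a case/port variant that only the
    # normalizing check accepts.
    for uri in ("https://app.example.com/callback/done?code=abc",
                "https://app.example.com/callback/../evil",
                "HTTPS://APP.EXAMPLE.COM:443/callback/done"):
        print(f"{uri}\n  raw={verify_without_normalization(uri)} "
              f"normalized={verify_with_normalization(uri)}")
```

The example normalizes only what RFC 3986 defines as equivalent (scheme and host case, default port, dot segments); it does not percent-decode the path, because whether `%2e%2e` behaves like `..` depends on the server that will receive the redirect. In practice the verifier's canonicalisation should mirror what the target application does with the URL, otherwise a second, inconsistent interpretation is just another way to slip past the allow-list.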

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD: redhat/keycloak 3.2.1
CVE List V5: red_hat/keycloak 3.2.1.Final

Vulnerability Details (3)

GHSA: Keycloak Open Redirect (2022-05-13)
OSV: Keycloak Open Redirect (2022-05-13)
CVE List: CVE-2018-14658: A flaw was found in JBOSS Keycloak 3 (2018-11-13)

Vendor Advisories (1)

Red Hat: keycloak: Open Redirect in Login and Logout (2018-11-13)

Community (1)

Bugzilla: CVE-2018-14658 keycloak: Open Redirect in Login and Logout (2018-09-04)