CVE-2020-10776
published 2020-11-17CVE-2020-10776: A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to…
medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 12.0.0 | 12.0.0 |
| redhat | keycloak | — | — |