CVE-2020-14302
Published: 2020-12-15
Severity: medium, CVSS 3.1 base score 4.9
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.
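The defect described above is a state value that stays valid after its first use. The following added example (not Keycloak's code; the store, TTL and handler names are constructed for illustration) shows the reusable check beside the single-use one that closes the replay window:

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional, Tuple

def _clock(now: Optional[float]) -> float:
    return time.time() if now is None else now

@dataclass
class StateStore:
    """Hypothetical in-memory store of pending logins keyed by the OAuth 'state'."""
    ttl_seconds: int = 300
    _pending: dict = field(default_factory=dict)  # state -> (client_id, expires_at)

    def issue(self, client_id: str, now: Optional[float] = None) -> str:
        """Mint a fresh, unguessable state before redirecting to the external IdP."""
        state = secrets.token_urlsafe(32)
        self._pending[state] = (client_id, _clock(now) + self.ttl_seconds)
        return state

    def check_reusable(self, state: str, now: Optional[float] = None) -> Optional[str]:
        """Vulnerable pattern: validates the state but never consumes it,
        so the same IdP redirect can be replayed as often as the entry lives."""
        entry: Optional[Tuple[str, float]] = self._pending.get(state)
        if entry is None or _clock(now) > entry[1]:
            return None
        return entry[0]

    def consume(self, state: str, now: Optional[float] = None) -> Optional[str]:
        """Fixed pattern: the state is removed on first presentation, before any
        other check, so a second invocation with the same value is rejected."""
        entry = self._pending.pop(state, None)
        if entry is None or _clock(now) > entry[1]:
            return None
        return entry[0]

def handle_idp_callback(store: StateStore, state: str, single_use: bool) -> bool:
    """Return True if the callback from the identity provider is accepted."""
    client = store.consume(state) if single_use else store.check_reusable(state)
    return client is not None
```

Pairing the one-time consumption with a short TTL also bounds how long an unused state remains redeemable.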
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 13.0.0 | 13.0.0 |
| redhat | keycloak | — | — |