CVE-2020-1723 — Open Redirect in Keycloak Gatekeeper
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 63.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 28
Latest updateMay 24
Description
A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages3 packages
🔴Vulnerability Details
2📋Vendor Advisories
1Red Hat▶
keycloak: logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages↗2021-01-19
💬Community
3Bugzilla▶
CVE-2020-25663 ImageMagick: use-after-free, heap-buffer-overflow triggered by GetPixelRed, GetPixelBlue in MagickCore/pixel-accessor.h↗2020-10-26
Bugzilla▶
CVE-2020-1723 keycloak: logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages↗2019-11-08