CVE-2020-1727Improper Input Validation in Redhat Keycloak

CWE-20Improper Input Validation7 documents5 sources
Severity
5.4MEDIUMNVD
CNA6.4
EPSS
0.2%
top 59.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Keycloak
Timeline
PublishedJun 22
Latest updateMay 24

Description

A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

NVDredhat/keycloak< 9.0.2

🔴Vulnerability Details

2
GHSA
GHSA-pw23-237p-qf6r: A vulnerability was found in Keycloak before 92022-05-24
CVEList
CVE-2020-1727: A vulnerability was found in Keycloak before 92020-06-22

📋Vendor Advisories

1
Red Hat
keycloak: missing input validation in IDP authorization URLs2020-05-20

💬Community

3
Bugzilla
CVE-2020-27751 ImageMagick: integer overflow in MagickCore/quantum-export.c2020-10-27
Bugzilla
CVE-2020-2152 jenkins-subversion-plugin: error message for Repository URL field form validation leads to reflected XSS2020-03-31
Bugzilla
CVE-2020-1727 keycloak: missing input validation in IDP authorization URLs2020-02-07
CVE-2020-1727 — Improper Input Validation in Redhat | cvebase