Description
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack
Remediation
References
https://access.redhat.com/errata/RHSA-2018:3592
https://access.redhat.com/errata/RHSA-2018:3593
https://access.redhat.com/errata/RHSA-2018:3595
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658
Related Vulnerabilities
CVE-2020-2207 Vulnerability in maven package org.jenkins-ci.plugins:vncviewer
CVE-2021-22097 Vulnerability in maven package org.springframework.amqp:spring-amqp
CVE-2023-28670 Vulnerability in maven package com.paul8620.jenkins.plugins:pipeline-aggregator-view
CVE-2020-15092 Vulnerability in npm package @knight-lab/timelinejs
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-jms-processors