CVE-2018-14658 Vulnerability in maven package org.keycloak:keycloak-services

Description

A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack

Remediation

References

https://access.redhat.com/errata/RHSA-2018:3592

https://access.redhat.com/errata/RHSA-2018:3593

https://access.redhat.com/errata/RHSA-2018:3595

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658

Related Vulnerabilities

CVE-2014-0112 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2023-34434 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2023-32070 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-syntax-xhtml

CVE-2020-5408 Vulnerability in maven package org.springframework.security:spring-security-core

CVE-2014-3527 Vulnerability in maven package org.springframework.security:spring-security-cas

Severity

High

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N