Description
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack
Remediation
References
https://access.redhat.com/errata/RHSA-2018:3592
https://access.redhat.com/errata/RHSA-2018:3593
https://access.redhat.com/errata/RHSA-2018:3595
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658
Related Vulnerabilities
CVE-2020-7014 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2017-1000502 Vulnerability in maven package org.jenkins-ci.plugins:ec2
CVE-2022-41678 Vulnerability in maven package org.apache.activemq:apache-activemq
CVE-2019-16541 Vulnerability in maven package org.jenkins-ci.plugins:jira
CVE-2022-34213 Vulnerability in maven package org.jenkins-ci.plugins:squashtm-publisher