Description
A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1770276
https://issues.redhat.com/browse/KEYCLOAK-11318
Related Vulnerabilities
CVE-2014-6071 Vulnerability in maven package org.fujion.webjars:jquery
CVE-2023-2585 Vulnerability in maven package org.keycloak:keycloak-server-spi-private
CVE-2018-3751 Vulnerability in npm package merge-recursive
CVE-2022-42468 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source