Security Advisory

CVE-2018-14658

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-11-13 19:00:00

Last updated 2024-08-05 09:38:13

Assigner redhat

State PUBLISHED

Description

A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack

← Browse all CVEs View on cve.org ↗