Security Advisory

CVE-2020-14302

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-15 19:06:15

Last updated 2024-08-04 12:39:36

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

← Browse all CVEs View on cve.org ↗