2024-06-03 15:33:18
redhat
PUBLISHED
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization servers HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.