Description
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
Remediation
References
https://issues.jboss.org/browse/KEYCLOAK-765
https://bugzilla.redhat.com/show_bug.cgi?id=1154971
http://www.securityfocus.com/bid/101508
Related Vulnerabilities
CVE-2020-28435 Vulnerability in npm package ffmpeg-sdk
CVE-2023-0105 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2020-6428 Vulnerability in npm package electron
CVE-2023-34238 Vulnerability in npm package gatsby
CVE-2017-12629 Vulnerability in maven package org.apache.lucene:lucene-queryparser