Description
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack
Remediation
References
https://access.redhat.com/errata/RHSA-2018:3592
https://access.redhat.com/errata/RHSA-2018:3593
https://access.redhat.com/errata/RHSA-2018:3595
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658
Related Vulnerabilities
CVE-2017-1000118 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.11
CVE-2017-15682 Vulnerability in maven package org.craftercms:crafter-studio
CVE-2020-9482 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-web-api
CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-oracle