Description
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack
Remediation
References
https://access.redhat.com/errata/RHSA-2018:3592
https://access.redhat.com/errata/RHSA-2018:3593
https://access.redhat.com/errata/RHSA-2018:3595
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658
Related Vulnerabilities
CVE-2017-8440 Vulnerability in npm package kibana
CVE-2011-4905 Vulnerability in maven package activemq:activemq
CVE-2022-0084 Vulnerability in maven package org.jboss.xnio:xnio-api
CVE-2021-27578 Vulnerability in maven package org.apache.zeppelin:zeppelin
CVE-2022-43417 Vulnerability in maven package org.jenkins-ci.plugins:katalon