Description
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658
https://access.redhat.com/errata/RHSA-2018:3595
https://access.redhat.com/errata/RHSA-2018:3593
https://access.redhat.com/errata/RHSA-2018:3592
Related Vulnerabilities
CVE-2020-36188 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-28471 Vulnerability in npm package properties-reader
CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2
CVE-2021-22137 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2023-26473 Vulnerability in maven package org.xwiki.platform:xwiki-platform-query-manager