How severe is CVE-2020-14302?

CVE-2020-14302 has a CVSS v3 score of 4.9 (MEDIUM).

CVE-2020-14302

Name: keycloak
Author: redhat

4.9MEDIUM

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the

Veröffentlicht: 12/15/2020Aktualisiert: 11/21/2024

Beschreibung

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

KI-AnalyseKI-gestützt

Betroffene Produkte

redhatkeycloak

Referenzen

https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory