How severe is CVE-2020-14302?

CVE-2020-14302 has a CVSS v3 score of 4.9 (MEDIUM).

CVE-2020-14302

Name: keycloak
Author: redhat

4.9MEDIUM

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the

Published: 12/15/2020Updated: 11/21/2024

Description

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

AI AnalysisPowered by AI

Affected Products

redhatkeycloak

References

https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory