How severe is CVE-2020-14302?

CVE-2020-14302 has a CVSS v3 score of 4.9 (MEDIUM).

CVE-2020-14302

Name: keycloak
Author: redhat

4.9MEDIUM

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the

게시됨: 12/15/2020업데이트됨: 11/21/2024

설명

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

AI 분석AI 기반

영향받는 제품

redhatkeycloak

참조

https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory