How severe is CVE-2020-14302?

CVE-2020-14302 has a CVSS v3 score of 4.9 (MEDIUM).

CVE-2020-14302

Name: keycloak
Author: redhat

4.9MEDIUM

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the

Опубликовано: 12/15/2020Обновлено: 11/21/2024

Описание

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

ИИ-АнализНа базе ИИ

Затронутые продукты

redhatkeycloak

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory