How severe is CVE-2020-14302?

CVE-2020-14302 has a CVSS v3 score of 4.9 (MEDIUM).

CVE-2020-14302

Name: keycloak
Author: redhat

4.9MEDIUM

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the

发布于: 12/15/2020更新于: 11/21/2024

描述

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

AI分析AI驱动

受影响产品

redhatkeycloak

参考资料

https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Issue TrackingVendor Advisory