Lucene search
RedhatCVELIST:CVE-2020-10770HistoryDec 15, 2020 - 12:00 a.m.
CVE-2020-10770
2020-12-1500:00:00
CWE-918
redhat
www.cve.org
1
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
CNA Affected
[
{
"vendor": "n/a",
"product": "keycloak",
"versions": [
{
"version": "keycloak 13.0.0",
"status": "affected"
}
]
}
]Related
redhat
redhat
nessus
nessus
osv
osv
Keycloak vulnerable to Server-Side Request Forgery
2022-05-24 17:36:27
CVE-2020-10770
2020-12-15 20:15:14
CVE-2023-44469
2023-09-29 07:15:14
nvd
nvd
CVE-2020-10770
2020-12-15 20:15:14
CVE-2023-44469
2023-09-29 07:15:14
redhatcve
redhatcve
CVE-2020-10770
2020-11-26 06:51:31
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Redhat Keycloak
2021-10-13 08:40:33
cve
cve
CVE-2020-10770
2020-12-15 20:15:14
CVE-2023-44469
2023-09-29 07:15:14
veracode
veracode
Server-Side Request Forgery (SSRF)
2021-02-03 08:49:37
prion
prion
Server side request forgery (ssrf)
2020-12-15 20:15:00
Server side request forgery (ssrf)
2023-09-29 07:15:00
packetstorm
packetstorm
Keycloak 12.0.1 Server-Side Request Forgery
2021-10-13 00:00:00
github
github
Keycloak vulnerable to Server-Side Request Forgery
2022-05-24 17:36:27
nuclei
nuclei
Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
2021-10-17 15:59:45
zdt
zdt
exploitdb
exploitdb
debiancve
debiancve
CVE-2023-44469
2023-09-29 07:15:14
cvelist
cvelist
CVE-2023-44469
2023-09-29 00:00:00
ubuntucve
ubuntucve
CVE-2023-44469
2023-09-29 00:00:00
qualysblog
qualysblog
Identify Server-Side Attacks Using Qualys Periscope
2022-12-01 23:11:35