Lucene search

GitHub Advisory DatabaseGHSA-5R7W-PJX8-99QG

HistoryMay 17, 2022 - 7:57 p.m.

JBoss KeyCloak Open Redirect

2022-05-1719:57:08

CWE-601

GitHub Advisory Database

github.com

jboss keycloak

open redirect

vulnerability

redirect url

validation

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.1%

JSON

JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.

Affected configurations

Vulners

Node

org.keycloakkeycloak-servicesRange<1.1.0.Beta1

VendorProductVersionCPE
org.keycloakkeycloak-services*cpe:2.3:a:org.keycloak:keycloak-services:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.keycloak	keycloak-services	*	cpe:2.3:a:org.keycloak:keycloak-services::::::::

References

access.redhat.com/security/cve/cve-2014-3652

bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652

github.com/advisories/GHSA-5r7w-pjx8-99qg

github.com/keycloak/keycloak/commit/6b2a4229e3b869eec9d4adc30c1afdf71e78cbdf

issues.jboss.org/browse/KEYCLOAK-700

nvd.nist.gov/vuln/detail/CVE-2014-3652

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.1%

JSON

Related for GHSA-5R7W-PJX8-99QG