Lucene search
+L

6 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.5 views

org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.8AI score0.00295EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/26 9:30 a.m.10 views

EUVD-2026-16142

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.8AI score0.00295EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 9:30 a.m.7 views

GHSA-22RM-WP4X-V5CX Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.9AI score0.00295EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/03/26 9:30 a.m.6 views

Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.9AI score0.00295EPSS
Exploits0References13Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:12 a.m.3 views

CVE-2026-4874

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.8AI score0.00295EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 7:12 a.m.3 views

CVE-2026-4874

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.6AI score0.00295EPSS
Exploits0References3
Rows per page
Query Builder