Lucene search
+L

13 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.7 views

VulnCheck KEV: CVE-2020-10770

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter requesturi. This flaw allows an attacker to use this parameter to execute a Server-side request forgery SSRF attack...

5.3CVSS6.3AI score0.69724EPSS
Exploits5References1
Prion
Prion
added 2023/09/29 7:15 a.m.27 views

Server side request forgery (ssrf)

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

4CVSS5AI score0.69724EPSS
Exploits5References4
Cvelist
Cvelist
added 2023/09/29 12:0 a.m.36 views

CVE-2023-44469

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

5.2AI score0.00549EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/09/29 12:0 a.m.32 views

CVE-2023-44469

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

4.3CVSS6AI score0.00549EPSS
Exploits0References4
OSV
OSV
added 2023/09/29 12:0 a.m.39 views

CVE-2023-44469

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

4.3CVSS7.2AI score0.00549EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2021/10/13 8:40 a.m.769 views

Exploit for Server-Side Request Forgery in Redhat Keycloak

Keycloak-12.0.1-CVE-2020-10770 Keycloak 12.0.1 - 'requestu...

5.3CVSS6.3AI score0.69724EPSS
Exploits5
0day.today
0day.today
added 2021/10/13 12:0 a.m.414 views

Keycloak 12.0.1 - (request_uri) Blind Server-Side Request Forgery (Unauthenticated) Exploit

Exploit Title: Keycloak 12.0.1 - 'requesturi ' Blind Server-Side Request Forgery SSRF Unauthenticated Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.keycloak.org/ Software Link: https://www.keycloak.org/archive/downloads-12.0.1.html Version: versions 192.168.0.1:4444 '''...

5.3CVSS0.5AI score0.69724EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/13 12:0 a.m.655 views

Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)

Exploit Title: Keycloak 12.0.1 - 'requesturi ' Blind Server-Side Request Forgery SSRF Unauthenticated Date: 2021-10-09 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.keycloak.org/ Software Link: https://www.keycloak.org/archive/downloads-12.0.1.html Version: versions 192.168.0.1:444...

5.3CVSS5.2AI score0.69724EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2021/02/01 1:46 p.m.70 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.5 security update on RHEL 8

New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.3CVSS6.3AI score0.69724EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.45 views

RHEL 8 : Red Hat Single Sign-On 7.4.5 security update on RHEL 8 (Moderate) (RHSA-2021:0320)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0320 advisory. Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...

5.3CVSS6.2AI score0.69724EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.40 views

RHEL 6 : Red Hat Single Sign-On 7.4.5 security update on RHEL 6 (Moderate) (RHSA-2021:0318)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0318 advisory. Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...

5.3CVSS6.2AI score0.69724EPSS
Exploits5References6
Circl
Circl
added 2020/12/15 10:40 p.m.105 views

CVE-2020-10770

creationtimestamp| type| source ---|---|--- 2020-12-15 22:40:56+00:00| seen| https://t.me/cibsecurity/20877 2023-09-29 12:42:29+00:00| seen| https://t.me/cibsecurity/71269 2025-02-05 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-05 2025-03-09 00:00:00+00:00| see...

5.3CVSS6.3AI score0.69724EPSS
In wildExploits5References6
CVE
CVE
added 2020/12/15 12:0 a.m.314 views

CVE-2020-10770

CVE-2020-10770 describes a Server-Side Request Forgery (SSRF) in OpenID Connect Issuer handling of the request_uri parameter in Keycloak before 13.0.0, allowing an attacker to cause the server to fetch an unverified URL. The vulnerability is backed by multiple sources within the connected documen...

5.3CVSS4.9AI score0.69724EPSS
In wildExploits5References2Affected Software1
Rows per page
Query Builder