2 matches found
Sensitive Information Disclosure
keycloak-services is vulnerable to Sensitive Information Disclosure. The vulnerability is due to client-provided parameters included in plain text within the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request...
CVE-2024-4540
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...