GHSA-F4V7-3MWW-9GC2 Keycloak allows unrestricted admin use of system and environment variables
A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME ...