
8 matches found

Tenable Nessus
added 2025/08/26 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-1772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Tokens, generated by users which alread...

CVSS 7.5 · AI score 5.5 · EPSS 0.00449
Exploits: 0 · References: 2

RedHat Linux
added 2024/02/13 4:55 p.m. · 2 views

keycloak: reflected XSS via wildcard in OIDC redirect_uri

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomple...

CVSS 6.1 · AI score 5.5 · EPSS 0.02468
Exploits: 1 · References: 4

OSV
added 2023/12/15 12:31 a.m. · 1 views

GHSA-5968-QW33-H47J Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cvg2-7c3j-g36j. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended t...

CVSS 4.6 · AI score 6.7 · EPSS 0.02468
Exploits: 1 · References: 10

RedHat Linux
added 2023/12/14 7:1 p.m. · 1 views

keycloak: reflected XSS via wildcard in OIDC redirect_uri

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomple...

CVSS 6.1 · AI score 5.5 · EPSS 0.02468
Exploits: 1 · References: 4

RedHat Linux
added 2023/12/14 7:1 p.m. · 1 views

keycloak: reflected XSS via wildcard in OIDC redirect_uri

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomple...

CVSS 6.1 · AI score 5.5 · EPSS 0.02468
Exploits: 1 · References: 4

Positive Technologies
added 2023/12/14 12:0 a.m. · 1 views

PT-2023-32538 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially...

CVSS 5.4 · AI score 4.4 · EPSS 0.02468
Exploits: 1 · References: 28

CNVD
added 2020/03/30 12:0 a.m. · 4 views

OTRS Information Disclosure Vulnerability (CNVD-2020-24029)

Open-source Ticket Request System OTRS is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00449
Exploits: 0 · References: 1

OSV
added 2020/03/27 1:15 p.m. · 1 views

DEBIAN-CVE-2020-1772

It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Tokens, generated by users which already requested new passwords. This issue affects: OTRS Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15...

CVSS 7.5 · AI score 6.1 · EPSS 0.00449
Exploits: 0 · References: 1