Duplicate Advisory: Keycloak Open Redirect vulnerability
Moderate severity
GitHub Reviewed
Published
Dec 19, 2023
to the GitHub Advisory Database
•
Updated Dec 23, 2024
Withdrawn
This advisory was withdrawn on Dec 23, 2024
Description
Published by the National Vulnerability Database
Dec 18, 2023
Published to the GitHub Advisory Database
Dec 19, 2023
Reviewed
Dec 19, 2023
Withdrawn
Dec 23, 2024
Last updated
Dec 23, 2024
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-9vm7-v8wj-3fqw. This link is maintained to preserve external references.
Original Description
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
References