Moderate severity · NVD Advisory · Published Nov 13, 2018 · Updated Aug 5, 2024
CVE-2018-14658
Description
A flaw was found in JBoss Keycloak 3.2.1.Final. The redirect URLs for both login and logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect URL is verified. This can lead to an open redirection attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-core (Maven) | <= 3.2.1.Final | — |
References
- access.redhat.com/errata/RHSA-2018:3592 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2018:3593 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2018:3595 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-3qh2-mccc-q5m6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-14658 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)