A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-04T06:46:30.851Z

Reserved: 2019-11-27T00:00:00

Link: CVE-2020-1727

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-06-22T19:15:10.717

Modified: 2024-11-21T05:11:15.170

Link: CVE-2020-1727

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-05-20T00:00:00Z

Links: CVE-2020-1727 - Bugzilla

cve-icon OpenCVE Enrichment

No data.