CVE-2020-10734

Summary

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.

Affected Software

VendorProductVersion RangeStatus
n/akeycloakAs shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimesaffected

Weaknesses

  • CWE-352: CWE-352

ADP Enrichment

CVE Program Container

Additional References

References