CVE-2020-1727
6.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | keycloak | Versions before 9.0.2 | affected |
Weaknesses
- CWE-20: CWE-20
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.