CVE-2020-1727

Summary

A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]keycloakVersions before 9.0.2affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References