AVG-1577 log
Package | keycloak |
Status | Fixed |
Severity | Medium |
Type | cross-site request forgery |
Affected | 12.0.1-1 |
Fixed | 12.0.2-1 |
Current | 26.0.7-1 [extra] |
Ticket | None |
Created | Tue Feb 16 11:18:11 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-10770 | Medium | Yes | Cross-site request forgery | A flaw was found in Keycloak before 12.0.2, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri.... |