AVG-1577 log

Package keycloak
Status Fixed
Severity Medium
Type cross-site request forgery
Affected 12.0.1-1
Fixed 12.0.2-1
Current 24.0.3-1 [extra]
Ticket None
Created Tue Feb 16 11:18:11 2021
Issue Severity Remote Type Description
CVE-2020-10770 Medium Yes Cross-site request forgery
A flaw was found in Keycloak before 12.0.2, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri....