CVE-2020-10770 log

Severity Medium
Remote Yes
Type Cross-site request forgery
A flaw was found in Keycloak before 12.0.2, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
Group Package Affected Fixed Severity Status Ticket
AVG-1577 keycloak 12.0.1-1 12.0.2-1 Medium Fixed