CVE-2020-10770 - log

CVE-2020-10770 edited at 16 Feb 2021 11:19:15
Description
- A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
+ A flaw was found in Keycloak before 12.0.2, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
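The request_uri flow the description refers to, as an added example that is not Keycloak's own code: an OIDC authorization endpoint that fetches the request object from whatever URL the client supplies in request_uri (the behaviour the advisory describes) next to a hardened handler that refuses the parameter unless it matches a URI pre-registered for that client and points at a public https host. The function names, the per-client allowlist format, and the fake HTTP table are assumptions made for this example; the page itself does not describe how the fix works.

```python
"""Illustrative request_uri handling for an OIDC authorization endpoint.

Added example, not Keycloak code. Contrasts the pre-fix behaviour the advisory
describes (the server fetches any URL arriving in request_uri, so an attacker
can aim it at internal services) with a hardened handler that only fetches
URIs registered for the client. Names, allowlist format and sample data are
assumptions constructed for this example.
"""
import ipaddress
from urllib.parse import urlparse

# Constructed registry: per-client list of permitted request_uri patterns.
# A trailing '*' matches any suffix; anything else must match exactly.
# Patterns should include a path prefix, so that a wildcard after the host
# cannot be satisfied by a look-alike host such as app.example.com.evil.net.
VALID_REQUEST_URIS = {
    "web-app": ["https://app.example.com/oidc/request-objects/*"],
    "legacy-app": [],  # nothing registered -> request_uri must be refused
}

# Constructed stand-in for an outbound HTTP client: URL -> body it would return.
FAKE_HTTP = {
    "https://app.example.com/oidc/request-objects/abc123": "eyJ...signed-request-jwt",
    "http://169.254.169.254/latest/meta-data/": "ami-id\nhostname\n",
    "https://10.0.0.5:8080/admin": "<internal admin page>",
}


def fetch(url):
    """Pretend to perform the outbound GET the server would issue."""
    return FAKE_HTTP.get(url, "")


def load_request_object_vulnerable(client_id, request_uri):
    """Pre-fix behaviour: request_uri is trusted and fetched as-is (SSRF)."""
    return fetch(request_uri)


def _is_internal_host(host):
    """True for loopback, private, link-local and other non-global literals.

    Only literal IPs are checked here; a real deployment must also resolve
    the name and pin the resolved address to defeat DNS-based tricks.
    """
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return host.lower() == "localhost"
    return not ip.is_global


def validate_request_uri(client_id, request_uri):
    """Return None if the URI may be fetched, else a short rejection reason."""
    patterns = VALID_REQUEST_URIS.get(client_id, [])
    if not patterns:
        return "client has no registered request URIs"
    parts = urlparse(request_uri)
    if parts.scheme != "https":
        return "request_uri must use https"
    if not parts.hostname or _is_internal_host(parts.hostname):
        return "request_uri points at a non-public host"
    for pattern in patterns:
        if pattern.endswith("*"):
            if request_uri.startswith(pattern[:-1]):
                return None
        elif request_uri == pattern:
            return None
    return "request_uri not registered for client"


def load_request_object_hardened(client_id, request_uri):
    """Fetch the request object only after the URI passes validation."""
    reason = validate_request_uri(client_id, request_uri)
    if reason is not None:
        raise ValueError(f"invalid_request_uri: {reason}")
    return fetch(request_uri)


if __name__ == "__main__":
    metadata = "http://169.254.169.254/latest/meta-data/"
    print("vulnerable fetched:", repr(load_request_object_vulnerable("web-app", metadata)))
    print("hardened says:", validate_request_uri("web-app", metadata))
```

The vulnerable handler happily returns the cloud metadata body, while the hardened one rejects the same value before any connection is made; the empty allowlist for legacy-app shows the safe default when a client has registered nothing.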
CVE-2020-10770 edited at 16 Feb 2021 11:12:32
References
https://bugzilla.redhat.com/show_bug.cgi?id=1846270
https://issues.redhat.com/browse/KEYCLOAK-14019
- https://github.com/keycloak/keycloak/commit/eac3329d225a58b43b0bc97300423596063b33c1
+ https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
CVE-2020-10770 edited at 16 Feb 2021 11:10:38
References
https://bugzilla.redhat.com/show_bug.cgi?id=1846270
https://issues.redhat.com/browse/KEYCLOAK-14019
+ https://github.com/keycloak/keycloak/commit/eac3329d225a58b43b0bc97300423596063b33c1
CVE-2020-10770 edited at 15 Dec 2020 22:25:00
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site request forgery
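Review bot: the Type set here, "Cross-site request forgery", does not match the description recorded in the same edit, which describes a Server-side request forgery (SSRF) triggered through the OIDC request_uri parameter; the type should read "Server-side request forgery" so the record is consistent with the description and references.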
Description
+ A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1846270
+ https://issues.redhat.com/browse/KEYCLOAK-14019
CVE-2020-10770 created at 15 Dec 2020 22:23:54
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes