---

CVE-2020-14302 - log back

CVE-2020-14302 edited at 01 Mar 2021 14:40:14
References	https://bugzilla.redhat.com/show_bug.cgi?id=1849584 https://issues.redhat.com/browse/KEYCLOAK-14483 + https://github.com/keycloak/keycloak/pull/7807 + https://github.com/keycloak/keycloak/commit/41dc94fead4c20560e0dd96c3efbd7bd10a484b6

CVE-2020-14302 edited at 16 Feb 2021 11:16:32
References	https://bugzilla.redhat.com/show_bug.cgi?id=1849584 + https://issues.redhat.com/browse/KEYCLOAK-14483

CVE-2020-14302 edited at 15 Dec 2020 20:24:13
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Insufficient validation
Description	+ A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1849584

CVE-2020-14302 created at 15 Dec 2020 20:23:01
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes