CVE-2021-3461 log

Source
Severity Low
Remote Yes
Type Incorrect calculation
Description
Keycloak may fail to logout a user session if the logout request comes from an external SAML identity provider that is set up to identify the principal via attributes rather than by Subject Name ID.
Group Package Affected Fixed Severity Status Ticket
AVG-1994 keycloak 13.0.0-1 13.0.1-1 Low Fixed
Date Advisory Group Package Severity Type
01 Jun 2021 ASA-202106-19 AVG-1994 keycloak Low incorrect calculation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1941565
https://issues.redhat.com/browse/KEYCLOAK-17495
https://github.com/keycloak/keycloak/commit/f014299e7c781dff2b492b81bc81adcf717bd530