CVE-2021-3461 log

Source
Severity Low
Remote Yes
Type Incorrect calculation
Description
Keycloak may fail to logout a user session if the logout request comes from an external SAML identity provider that is set up to identify the principal via attributes rather than by Subject Name ID.
Group Package Affected Fixed Severity Status Ticket
AVG-1332 keycloak 12.0.4-1 High Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=1941565
https://issues.redhat.com/browse/KEYCLOAK-17495