CVE-2020-10770
Published: Dec 15, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A flaw was found in Keycloak before 13.0.0 where it is possible to force the server to call out to an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a server-side request forgery (SSRF) attack.
| Vendor | Product | Versions |
|---|---|---|
| n/a | keycloak | affected keycloak 13.0.0 |
Weaknesses (CWE)