CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-10734

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.7%

CVSS Severity

CVSS v3 Score 3.3

CVSS v2 Score 2.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1831662
https://issues.redhat.com/browse/KEYCLOAK-13653
https://bugzilla.redhat.com/show_bug.cgi?id=1831662
https://issues.redhat.com/browse/KEYCLOAK-13653

Products affected by CVE-2020-10734

Redhat » Jboss Fuse » Version: 7.0.0

cpe:2.3:a:redhat:jboss_fuse:7.0.0
Redhat » Keycloak » Version: N/A

cpe:2.3:a:redhat:keycloak:-
Redhat » Openshift Application Runtimes » Version: N/A

cpe:2.3:a:redhat:openshift_application_runtimes:-
Redhat » Single Sign-On » Version: 7.0

cpe:2.3:a:redhat:single_sign-on:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10734

Products

Pricing

Contact Us