Redhat: >> Keycloak >> 11.0.3 Security Vulnerabilities
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-11-17
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
CVSS Score
6.8
EPSS Score
0.004
Published
2020-11-09
Page 4