Impact: Low
Public Date: 2014-10-21
CWE: CWE-601
Bugzilla: 1144281: CVE-2014-3652 JBoss KeyCloak: Open redirect vulnerability

It was identified that the login redirect implementation provided by JBoss KeyCloak did not validate the redirect URL. This flaw could be used by a remote malicious user to conduct phishing attacks by redirecting users to arbitrary websites.

Vulnerable Product |
---|
redhat keycloak 1.0.1 |