Published: 26/10/2017 Updated: 09/10/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat single_sign_on 7.0
redhat single_sign_on 7.1
keycloak keycloak -

Synopsis Moderate: Red Hat Single Sign-On security update Type/Severity Security Advisory: Moderate Topic Red Hat Single Sign-On 713 is now available for download from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...

Synopsis Moderate: rh-sso7-keycloak security update Type/Severity Security Advisory: Moderate Topic An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 71 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...

Synopsis Moderate: rh-sso7-keycloak security update Type/Severity Security Advisory: Moderate Topic An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 71 for RHEL 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...

CWE-79 https://bugzilla.redhat.com/show_bug.cgi?id=1489161 https://access.redhat.com/errata/RHSA-2017:2906 https://access.redhat.com/errata/RHSA-2017:2905 https://access.redhat.com/errata/RHSA-2017:2904 http://www.securityfocus.com/bid/101618 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2017:2906

CVE-2017-12158

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect