A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat keycloak - |
||
redhat jboss fuse 7.0.0 |
||
redhat openshift application runtimes - |
||
redhat single sign-on 7.0 |