VDB
KO
MEDIUM 4.2

GHSA-wcvj-vpvw-9rr5

Keycloak Services has Improper Validation of Consistency within Input

Details

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.

Are you affected?

Enter the version of the package you're using.

Affected packages

Maven / org.keycloak:keycloak-services
Introduced in: 26.5.0

No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.

Maven / org.keycloak:keycloak-services
Introduced in: 0

No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.

References