Lucene search
RedhatCVELIST:CVE-2020-14302HistoryDec 15, 2020 - 7:06 p.m.
CVE-2020-14302
2020-12-1519:06:15
CWE-294
redhat
www.cve.org
4
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same “state” parameter. This flaw allows a malicious user to perform replay attacks.
CNA Affected
[
{
"product": "keycloak",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "keycloak 13.0.0"
}
]
}
]Related
nvd
nvd
CVE-2020-14302
2020-12-15 20:15:15
redhatcve
redhatcve
CVE-2020-14302
2020-11-26 06:51:31
veracode
veracode
Denial Of Service (DoS)
2021-03-24 11:54:09
cve
cve
CVE-2020-14302
2020-12-15 20:15:15
prion
prion
Authentication flaw
2020-12-15 20:15:00
osv
osv
CVE-2020-14302
2020-12-15 20:15:15
redhat
redhat
(RHSA-2021:0969) Low: Red Hat Single Sign-On 7.4.6 security update on RHEL 8
2021-03-23 13:39:03
(RHSA-2021:0968) Low: Red Hat Single Sign-On 7.4.6 security update on RHEL 7
2021-03-23 13:38:56
(RHSA-2021:0967) Low: Red Hat Single Sign-On 7.4.6 security update on RHEL 6
2021-03-23 13:38:50
nessus
nessus
archlinux
archlinux
[ASA-202105-6] keycloak: multiple issues
2021-05-19 00:00:00