JBoss keycloak-services is vulnerable to open redirection attacks. A lack of validation of the redirect URL in org.keycloak.protocol.oidc.utils.RedirectUtils
allows a remote attacker to redirect users to a malicious URL and obtain confidential information from victims via phishing attacks.
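
The kind of check whose absence produces an open redirect, shown as an added example: it is not Keycloak's RedirectUtils code and not the fix for this issue. It accepts a redirect URL only when its parsed, canonical form exactly matches one of a client's registered redirect URIs; the class name, method names and sample URLs are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example with hypothetical names; not Keycloak's RedirectUtils.
public class RedirectUriCheck {
    // Canonical form of an acceptable redirect URI, or null if it must be rejected outright.
    static String canonical(String value) {
        if (value == null) return null;
        URI uri;
        try {
            uri = new URI(value).normalize();   // also resolves "." and ".." path segments
        } catch (URISyntaxException e) {
            return null;
        }
        // Require an absolute https URL with a parseable host, no user-info and no fragment.
        if (uri.isOpaque() || !"https".equalsIgnoreCase(uri.getScheme())) return null;
        if (uri.getHost() == null || uri.getRawUserInfo() != null || uri.getRawFragment() != null) return null;
        int port = uri.getPort() == -1 ? 443 : uri.getPort();
        String query = uri.getRawQuery() == null ? "" : "?" + uri.getRawQuery();
        return "https://" + uri.getHost().toLowerCase(Locale.ROOT) + ":" + port + uri.getRawPath() + query;
    }

    // Exact match against the client's registered redirect URIs; no prefix or wildcard matching.
    static boolean isAllowed(String requested, Set<String> registered) {
        String candidate = canonical(requested);
        if (candidate == null) return false;
        for (String r : registered) {
            if (candidate.equals(canonical(r))) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: hosts and paths are placeholders.
        Set<String> registered = Set.of("https://app.example.com/callback");
        String[] samples = {
            "https://app.example.com/callback",       // the registered value itself
            "https://APP.example.com:443/callback",   // same URI, different host case, explicit default port
            "https://other.example.net/callback",     // host that was never registered
            "http://app.example.com/callback",        // non-https scheme
            "/callback"                               // relative reference, no scheme or host
        };
        for (String s : samples) {
            System.out.println((isAllowed(s, registered) ? "ALLOW " : "DENY  ") + s);
        }
    }
}
```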