Open Redirect Vulnerability in JBoss KeyCloak by Red Hat
CVE-2014-3652

6.1MEDIUM

Key Information:

Vendor: Jboss Keycloak
Status: Jboss Keycloak
Vendor: CVE Published:; 15 December 2019

🔔 Create Jboss Keycloak Vulnerability Alert

What is CVE-2014-3652?

The vulnerability in JBoss KeyCloak arises from its failure to properly validate the redirect URLs, which could lead to open redirect attacks. This flaw allows an attacker to manipulate the application's behavior, directing users to potentially malicious sites without their consent. As a result, users may inadvertently expose their credentials or sensitive information, making it crucial for organizations relying on KeyCloak to implement the necessary patches and safeguard against such exploits.

Affected Version(s)

JBoss KeyCloak through 2014-09-19

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652

x_refsource_MISC

https://access.redhat.com/security/cve/cve-2014-3652

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2019
Vulnerability Reserved
May 14, 2014

JSON