CVE-2020-10734

Cross-Site Request Forgery (CSRF) in maven/org.keycloak/keycloak-oidc-client-adapter-pom

Identifiers

GHSA-rvjg-gxwx-j5gf, CVE-2020-10734

Package Slug

maven/org.keycloak/keycloak-oidc-client-adapter-pom

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.

Affected Versions

All versions before 18.0.0

Solution

Upgrade to version 18.0.0 or above.

Last Modified

2022-05-01

source