CVE-2020-14302: Authentication Bypass by Capture-replay
(updated )
A flaw was found in Keycloak where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same state
parameter. This flaw allows a malicious user to perform replay attacks.
References
Detect and mitigate CVE-2020-14302 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →