JBoss Keycloak CSRF Vulnerability
High severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Aug 16, 2023
Package
Affected versions
< 1.0.3.Final
Patched versions
1.0.3.Final
Description
Published by the National Vulnerability Database
Oct 18, 2017
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Aug 7, 2023
Last updated
Aug 16, 2023
The
org.keycloak.services.resources.SocialResource.callback
method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.References