CVE-2020-10770
CVE-2020-10770
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
Affected products
n/a · keycloakpublic PoCs found — 3
githubgithub.com/ColdFusionX/Keycloak-12.0.1-CVE-2020-10770★ 8cve_referencepacketstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50405unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →