← back
CVE-2020-1697

CVE-2020-1697

CVSS 6.1 MEDIUMEPSS 0.8%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Feb 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Red Hat · keycloak

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697