← volver
CVE-2020-1697

CVE-2020-1697

CVSS 6.1 MEDIUMEPSS 0.8%CWE-79
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 feb 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Red Hat · keycloak

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697