Headline

CVE-2020-10770: Invalid Bug ID

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

3 years ago

CVE

Open in Source

#ssrf

‘1846270?cve=title’ is not a valid bug number nor an alias to a bug.

Please press Back and try again.

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.

12 months ago

CVE

Open in Source

#vulnerability #web #amazon #red_hat #git #ldap #ssrf #pdf #aws #oauth #auth

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

1 year ago

CVE

Open in Source