GHSA-w69q-w4h4-2fx8: Reverb use after free vulnerability

GHSA-vvf8-2h68-9475: Keycloak Open Redirect vulnerability

GHSA-4xx7-2cx3-x473: Keycloak SAML signature validation flaw

GHSA-84jw-g43v-8gjm: DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS

GHSA-jj94-6f5c-65r8: ZITADEL Allows Unauthorized Access After Organization or Project Deactivation

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

**Keycloak Open Redirect vulnerability**

Moderate severity GitHub Reviewed Published Sep 19, 2024 to the GitHub Advisory Database • Updated Sep 19, 2024

Headline

GHSA-vvf8-2h68-9475: Keycloak Open Redirect vulnerability

ghsa: Latest News