A flaw was found in keycloak. The OIDC logout endpoint does not have CSRF protection. The highest threat from this vulnerability is to system availability.

**OIDC Logout redirect in keycloak**

Low severity GitHub Reviewed Published Apr 28, 2022 in keycloak/keycloak • Updated Apr 28, 2022

GHSA-rvjg-gxwx-j5gf: OIDC Logout redirect in keycloak

The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.

**Insertion of Sensitive Information into Log File in Hashicorp go-getter**

Moderate severity GitHub Reviewed Published Apr 28, 2022 • Updated May 3, 2022

GHSA-27rq-4943-qcwp: Insertion of Sensitive Information into Log File in Hashicorp go-getter

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.

**Cross-site Scripting in microweber**

Moderate severity GitHub Reviewed Published Apr 28, 2022 • Updated Apr 28, 2022

Source

ghsa