A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Software | From | Fixed in |
---|---|---|
redhat / openshift_container_platform | 4.12 | 4.12.x |
redhat / openshift_container_platform | 4.11 | 4.11.x |
redhat / openshift_container_platform_for_power | 4.10 | 4.10.x |
redhat / single_sign-on | 7.6 | 7.6.x |
redhat / openshift_container_platform_for_linuxone | 4.10 | 4.10.x |
redhat / openshift_container_platform_for_linuxone | 4.9 | 4.9.x |
redhat / openshift_container_platform_for_ibm_z | 4.10 | 4.10.x |
redhat / openshift_container_platform_for_ibm_z | 4.9 | 4.9.x |
redhat / openshift_container_platform_for_power | 4.9 | 4.9.x |
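
The misconfiguration described above can be checked for in a realm export. The following audit is an added example, not code from Keycloak or Red Hat; it assumes the export is JSON with a top-level `clients` list whose entries carry `clientId` and `redirectUris`, and the sample realm and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Hosts named in the advisory text.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}

# Constructed sample in the shape of a Keycloak realm export (assumed layout:
# top-level "clients", each with "clientId" and "redirectUris").
SAMPLE_REALM = json.loads("""
{
  "realm": "example",
  "clients": [
    {"clientId": "web-portal", "redirectUris": ["https://portal.example.com/callback"]},
    {"clientId": "dev-cli", "redirectUris": ["http://localhost", "https://cli.example.com/cb"]},
    {"clientId": "legacy-app", "redirectUris": ["http://127.0.0.1/*"]},
    {"clientId": "service-account", "redirectUris": []}
  ]
}
""")


def is_loopback_http(uri):
    """True for http:// redirect URIs whose host is localhost or 127.0.0.1."""
    try:
        # A trailing '*' is a redirect-URI wildcard; drop it before parsing.
        parts = urlsplit(uri.strip().rstrip("*"))
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URI, e.g. a broken IPv6 literal
        return False
    return parts.scheme.lower() == "http" and host in LOOPBACK_HOSTS


def audit_realm(realm):
    """Return sorted (clientId, uri) pairs for every loopback http redirect URI."""
    findings = []
    for client in realm.get("clients") or []:
        for uri in client.get("redirectUris") or []:
            if isinstance(uri, str) and is_loopback_http(uri):
                findings.append((client.get("clientId", "<unknown>"), uri))
    return sorted(findings)


if __name__ == "__main__":
    for client_id, uri in audit_realm(SAMPLE_REALM):
        print(f"{client_id}: Valid Redirect URI {uri!r} points at loopback over http")
```

Hosts that merely start with `localhost`, such as `localhost.example.com`, are not flagged because the comparison is on the parsed hostname rather than a string prefix.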