Severity: High
Affected Packages: 1
Fixed Packages: 1

A flaw was found in Keycloak's handling of OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were included in plain text in the KC_RESTART cookie that the authorization server returns in its HTTP response to a request_uri authorization request. This could lead to an information disclosure vulnerability.

Package | Affected Version |
---|---|
keycloak-services | < 24.0.5 |

Package | Fixed Version |
---|---|
keycloak-services | = 24.0.5 |

- ID: MAVEN:GHSA-69FP-7C8P-CRJR
- Severity: high
- URL: https://github.com/advisories/GHSA-69fp-7c8p-crjr
- Published: 2024-06-10T18:36:56
- Modified: 2024-06-10T18:36:57
- Rights: Maven Security Team

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.keycloak/keycloak-services | org.keycloak | keycloak-services | < 24.0.5 | | | |
Fixed | pkg:maven/org.keycloak/keycloak-services | org.keycloak | keycloak-services | = 24.0.5 | | | |