An open redirection vulnerability (open redirect) exists in the Keycloak auth endpoint.
A URL can be given as the value of the redirect_uri query parameter, and the endpoint successfully redirects to it.
References:
https://github.com/syedsohaibkarim/OpenRedirect-Keycloak18.0.0
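
A log check for the behaviour described above, as an added example (not code from the referenced repository or from the Keycloak project): it flags authorization requests whose redirect_uri does not exactly match a registered URI. The endpoint path pattern, the registered URI and the access-log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: redirect URIs registered for the client (constructed value).
REGISTERED = {"https://app.example.com/callback"}
# Assumption: how the authorization endpoint appears in the access log.
AUTH_PATH = re.compile(r"/realms/[^/]+/protocol/openid-connect/auth$")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalize(uri):
    """Return a comparable tuple for an absolute http(s) URI, else None."""
    try:
        parts = urlsplit(uri)
        port = parts.port
    except ValueError:  # malformed port or host
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username or parts.password or parts.fragment:
        return None  # userinfo and fragments do not belong in a redirect_uri
    default = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname, port or default,
            parts.path or "/", parts.query)

ALLOWED = {normalize(u) for u in REGISTERED} - {None}

def unregistered_redirects(log_lines):
    """Return (line_number, redirect_uri) for auth requests to unregistered URIs."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not AUTH_PATH.search(target.path):
            continue
        for value in parse_qs(target.query).get("redirect_uri", []):
            if normalize(value) not in ALLOWED:  # exact match only, no prefixes
                hits.append((n, value))
    return hits

_AUTH = '203.0.113.7 - - "GET /realms/demo/protocol/openid-connect/auth?client_id=web'
SAMPLE = [  # constructed access-log lines
    _AUTH + '&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback HTTP/1.1" 302 0',
    _AUTH + '&redirect_uri=https%3A%2F%2Fredirect.example.net%2F HTTP/1.1" 302 0',
    '203.0.113.7 - - "GET /realms/demo/account HTTP/1.1" 200 512',
    _AUTH + '&redirect_uri=https%3A%2F%2Fapp.example.com%2Fother HTTP/1.1" 302 0',
]
```
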
Comment 4 Salvatore Bonaccorso
2022-10-22 09:29:17 UTC