It was identified that the login redirect implementation provided by JBoss Keycloak does not validate the redirect URL. This flaw could be used by a remote attacker to conduct phishing attacks by redirecting users to arbitrary web sites.
Upstream Issue: https://issues.jboss.org/browse/KEYCLOAK-700
Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security.
Upstream Commit: https://github.com/keycloak/keycloak/commit/0b8b31a3ea7d8d7ac8b14a020613fc32aa5e9d9d
Statement: This issue does not affect any supported Red Hat products.
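
The missing check described above, sketched as an added example; it is not Keycloak's code and not the fix from the upstream commit. It assumes each client registers absolute redirect URIs, optionally ending in `/*` for a path prefix; the function names, the `REGISTERED` list and the hosts are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample registration for one client (assumption, not from the advisory).
REGISTERED = ["https://app.example.com/callback", "https://app.example.com/app/*"]


def _origin_and_path(uri):
    """Return ((scheme, host, port), path), or None if the URI is unsafe to compare."""
    # Backslashes, whitespace and control characters are interpreted differently
    # by browsers and by server-side URL parsers, so refuse them outright.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in uri):
        return None
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    # Only absolute http(s) URLs: rejects "//host/", "/path", "javascript:" etc.
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # Userinfo makes "https://trusted-host@other-host/" look like the trusted host.
    if parts.username is not None or parts.password is not None:
        return None
    path = parts.path or "/"
    # Dot segments (also percent-encoded) could escape a registered path prefix.
    if any(seg in (".", "..") for seg in unquote(path).split("/")):
        return None
    origin = (parts.scheme, parts.hostname.lower(), port or DEFAULT_PORTS[parts.scheme])
    return origin, path


def is_allowed_redirect(redirect_uri, registered=REGISTERED):
    """True only if redirect_uri matches a URI registered for this client.

    Query string and fragment are ignored; scheme, host, port and path must match.
    """
    candidate = _origin_and_path(redirect_uri)
    if candidate is None:
        return False
    for entry in registered:
        wildcard = entry.endswith("/*")
        pattern = _origin_and_path(entry[:-1] if wildcard else entry)
        if pattern is None or pattern[0] != candidate[0]:
            continue
        if candidate[1] == pattern[1] or (wildcard and candidate[1].startswith(pattern[1])):
            return True
    return False
```

The login endpoint would call `is_allowed_redirect` before issuing the redirect and fall back to a fixed default page when it returns `False`.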