It was discovered that the org.keycloak.services.resources.SocialResource.callback(String) method, the endpoint that receives the identity provider's response after a social login, lacked CSRF protection. A remote attacker could use this flaw to gain access to Keycloak-managed accounts or perform other attacks.
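The standard defence for a social-login callback is the OAuth 2.0 state parameter: the client mints an unguessable value when it starts the login, binds it to the browser session, and the callback refuses any response that does not carry that value back. The following is an added example, not Keycloak's code or the patch for KEYCLOAK-765; it contrasts a callback that accepts any code it is handed with one that checks state, using an in-memory session dict, placeholder provider and redirect URLs, and function names (begin_login, handle_callback) that are assumptions made for illustration.

```python
"""Login-CSRF protection for an OAuth 2.0 / social-login callback.

Added example, not Keycloak's code. The session dict, the URLs and the
function names are illustrative assumptions.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

PROVIDER_AUTHORIZE = "https://provider.example/oauth/authorize"  # placeholder
CLIENT_ID = "keycloak-social"                                       # placeholder
REDIRECT_URI = "https://sso.example/auth/social/callback"          # placeholder


class CallbackRejected(Exception):
    """The callback is not the continuation of a login this session started."""


def begin_login(session: dict) -> str:
    """Mint a fresh random state, store it server-side in the session
    (tied to the browser's cookie) and send it to the provider.
    Returns the authorize URL the browser is redirected to."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return PROVIDER_AUTHORIZE + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })


def handle_callback_unprotected(session: dict, callback_url: str) -> str:
    """Flawed shape: whatever `code` arrives is linked to the current session.
    An attacker holding a code for their own provider account can make a
    victim's browser load this URL and have the victim's session bound to
    the attacker's social identity (login CSRF)."""
    qs = parse_qs(urlparse(callback_url).query)
    code = qs.get("code", [None])[0]
    if code is None:
        raise CallbackRejected("no code")
    session["linked_code"] = code
    return code


def handle_callback(session: dict, callback_url: str) -> str:
    """Hardened shape: the response must carry the state this session issued,
    compared in constant time; the stored state is consumed so it is single-use."""
    qs = parse_qs(urlparse(callback_url).query)
    code = qs.get("code", [None])[0]
    state = qs.get("state", [None])[0]
    expected = session.pop("oauth_state", None)  # consume: no replay
    if code is None or state is None or expected is None:
        raise CallbackRejected("missing code or state")
    if not hmac.compare_digest(state.encode(), expected.encode()):
        raise CallbackRejected("state mismatch")
    session["linked_code"] = code
    return code


def demo() -> dict:
    """Run a legitimate flow and a forged callback against both handlers;
    return which handler accepted what."""
    results = {}

    # Legitimate flow: the same session starts the login and gets the callback.
    victim = {}
    url = begin_login(victim)
    state = parse_qs(urlparse(url).query)["state"][0]
    good_cb = REDIRECT_URI + "?" + urlencode({"code": "code-for-victim", "state": state})
    results["legit_accepted"] = handle_callback(victim, good_cb) == "code-for-victim"

    # Forged callback (constructed for the demo): attacker's code, no valid state.
    forged_cb = REDIRECT_URI + "?" + urlencode({"code": "code-for-attacker"})
    unprotected_session = {}
    results["unprotected_accepted"] = (
        handle_callback_unprotected(unprotected_session, forged_cb) == "code-for-attacker"
    )
    protected_session = {}
    begin_login(protected_session)
    try:
        handle_callback(protected_session, forged_cb)
        results["protected_accepted"] = True
    except CallbackRejected:
        results["protected_accepted"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The state must be bound to the session, not merely echoed: a check that only compares the query parameter against a value the attacker also controls (for instance a second query parameter or an unauthenticated cookie the attacker can plant) gives no protection.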
Upstream Issue: https://issues.jboss.org/browse/KEYCLOAK-765
Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security.
Statement: This issue does not affect any supported Red Hat products.