A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.
This issue has been addressed in the following products: Red Hat Single Sign-On 7.2.4 zip Via RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2428
This issue has been addressed in the following products: Red Hat OpenShift Application Runtimes Via RHSA-2019:0877 https://access.redhat.com/errata/RHSA-2019:0877
*** Bug 1582623 has been marked as a duplicate of this bug. ***