A vulnerability was found in keycloak in the way that the OIDC logout endpoint do not have CSRF protection. Reference: https://issues.redhat.com/browse/KEYCLOAK-13653
*** Bug 2026778 has been marked as a duplicate of this bug. ***