The "request_uri" is an optional parameter in the OIDC Authentication Request that allows a client to specify an external URI from which the Request Object may be fetched. Because the Identity Provider is expected to retrieve the external Request Object itself, this parameter can easily be used to launch an SSRF attack against the IdP. https://issues.redhat.com/browse/KEYCLOAK-14019
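A defender-side check of the kind the fix for this issue relies on, added here as an example and not Keycloak's own code: the IdP only fetches a request_uri that the client pre-registered. The per-client allowlist, its trailing "*" wildcard and the client ids are assumptions modelled on the "Valid Request URIs" client setting; refusing literal non-public addresses is an extra defence-in-depth layer.

```python
import ipaddress
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample registry (assumption): request_uri patterns each client
# registered with the IdP. A trailing "*" allows any suffix; otherwise exact match.
REGISTERED_REQUEST_URIS = {
    "client-a": ["https://app.example.com/oidc/requests/*"],
    "client-b": [],  # never registered a request_uri, so every value is rejected
}


def _host_is_non_public_literal(host: str) -> bool:
    """True for localhost names and literal IPs outside globally routable space.

    Only literal addresses are checked here; a hostname that later resolves to an
    internal address is stopped by the allowlist, which is the primary control.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost" or host.endswith(".localhost")
    return not ip.is_global


def _matches(pattern: str, uri: str) -> bool:
    if pattern.endswith("*"):
        return uri.startswith(pattern[:-1])
    return uri == pattern


def request_uri_allowed(client_id: str, request_uri: str) -> Tuple[bool, str]:
    """Decide whether the IdP may fetch request_uri on behalf of client_id."""
    parsed = urlparse(request_uri)
    if parsed.scheme != "https":
        return False, "scheme must be https"
    if parsed.username or parsed.password:
        return False, "userinfo not allowed"
    host = parsed.hostname or ""
    if not host:
        return False, "missing host"
    if _host_is_non_public_literal(host):
        return False, "non-public address literal"
    patterns: List[str] = REGISTERED_REQUEST_URIS.get(client_id, [])
    if not any(_matches(p, request_uri) for p in patterns):
        return False, "request_uri not registered for client"
    return True, "ok"
```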
Acknowledgments: Name: Lauritz Holtmann (@_lauritz_) (Chair for Network and Data Security at Ruhr University Bochum)
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 6 Via RHSA-2021:0318 https://access.redhat.com/errata/RHSA-2021:0318
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 8 Via RHSA-2021:0320 https://access.redhat.com/errata/RHSA-2021:0320
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 7 Via RHSA-2021:0319 https://access.redhat.com/errata/RHSA-2021:0319
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10770
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4.5 Via RHSA-2021:0327 https://access.redhat.com/errata/RHSA-2021:0327