1791538 – (CVE-2020-1697) CVE-2020-1697 keycloak: stored XSS in client settings via application links

Bug 1791538 (CVE-2020-1697) - CVE-2020-1697 keycloak: stored XSS in client settings via application links

Summary: CVE-2020-1697 keycloak: stored XSS in client settings via application links

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-1697
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1785336
TreeView+	depends on / blocked

Reported:	2020-01-16 05:48 UTC by Paramvir jindal
Modified:	2021-02-16 20:45 UTC (History)
CC List:	33 users (show)
Fixed In Version:	keycloak 9.0.0
Clone Of:
Environment:
Last Closed:	2020-06-01 17:20:31 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:2252	0	None	None	None	2020-06-01 15:32:32 UTC
Red Hat Product Errata	RHSA-2020:2905	0	None	None	None	2020-07-23 07:04:16 UTC

Description Paramvir jindal 2020-01-16 05:48:46 UTC

During the assessment of the Admin Console application, it was found that links to external applications, so called Application Links, does not get validated properly and therefore are prone to Stored XSS attacks. The affected parameter BaseURL within the Clients settings page from the admin console application accepts any characters and therefore it is possible to insert URLs with the javascript

https://issues.redhat.com/browse/KEYCLOAK-12459

Comment 4 Guilherme de Almeida Suckevicz 2020-01-21 13:11:56 UTC

Acknowledgments:

Name: Cure53 Berlin

Comment 12 errata-xmlrpc 2020-06-01 15:32:29 UTC

This issue has been addressed in the following products:

  Red Hat Runtimes Spring Boot 2.2.6

Via RHSA-2020:2252 https://access.redhat.com/errata/RHSA-2020:2252

Comment 13 Product Security DevOps Team 2020-06-01 17:20:31 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1697

Comment 14 errata-xmlrpc 2020-07-23 07:04:13 UTC

This issue has been addressed in the following products:

  Red Hat Openshift Application Runtimes

Via RHSA-2020:2905 https://access.redhat.com/errata/RHSA-2020:2905

Note You need to log in before you can comment on or make changes to this bug.

aboyko
aileenc
avibelli
bgeorges
cbyrne
chazlett
cmacedo
cmoulliard
dffrench
dkreling
drieden
drusso
ggaughan
ikanello
janstey
jbalunas
jmadigan
jochrist
jpallich
jshepherd
jwon
krathod
lthon
mszynkie
ngough
pdrozd
pgallagh
pjindal
pwright
rruss
security-response-team
sthorger
trepel