During the assessment of the Admin Console application, it was found that almost every Authorization URL that points to an IDP server lacks proper input validation. There is no need to allow a wide range of characters that a malicious user might be able to use to craft deep links that can introduce further attack scenarios on affected clients.
Name: Sebastian Moritz (Cure53)
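One way to apply the input validation the report calls for, shown as an added example that is not code from the report or from the affected product: an allowlist check for an IDP Authorization URL that rejects non-web schemes (the deep-link case) and characters outside the RFC 3986 set. The function name, the allowed schemes and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: an IDP authorization endpoint is always a plain web URL.
ALLOWED_SCHEMES = {"https", "http"}
# Characters RFC 3986 permits in a URI (unreserved, reserved, "%" for escapes).
URI_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*")
# A "%" that is not followed by two hex digits.
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def validate_authorization_url(url: str) -> list[str]:
    """Return a list of problems; an empty list means the URL is accepted."""
    problems = []
    # Check the raw string first: urlsplit() silently strips some whitespace.
    if not URI_CHARS.fullmatch(url):
        problems.append("contains characters outside the RFC 3986 set")
    if BAD_ESCAPE.search(url):
        problems.append("malformed percent-escape")
    try:
        parts = urlsplit(url)
    except ValueError:
        return problems + ["not parseable as a URL"]
    # Scheme allowlist: custom app schemes (deep links) are refused here.
    if parts.scheme not in ALLOWED_SCHEMES:
        problems.append(f"scheme {parts.scheme!r} is not allowed")
    if not parts.hostname:
        problems.append("missing host")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo (user:pass@) is not allowed")
    return problems


# Constructed sample inputs, not values from the report.
SAMPLES = [
    "https://idp.example.com/auth/realms/demo/protocol/openid-connect/auth",
    "exampleapp://open/settings?tab=1",
    "https://idp.example.com/auth?x=<y>",
    "https://user:pw@idp.example.com/auth",
    "https:///auth",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", validate_authorization_url(sample) or "accepted")
```

The same check belongs on the server side when the field is saved, not only in the console form, so that values written through an API are covered too.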
This issue has been addressed in the following products:
Red Hat Runtimes Spring Boot 2.2.6
Via RHSA-2020:2252 https://access.redhat.com/errata/RHSA-2020:2252
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):