An open redirection vulnerability (open redirect) exists in the Keycloak auth endpoint. A URL can be supplied as the value of the redirect_uri query parameter, and the endpoint successfully redirects to it.

References: https://github.com/syedsohaibkarim/OpenRedirect-Keycloak18.0.0

Hi,

As it looks, this CVE has been rejected: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2022-1970

Can you please remove as well the Bugzilla alias to the CVE? Thanks already!

Regards,
Salvatore