CVE-2020-14302

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

CVSS v3 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1849584	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-12-15 20:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-14302

Mitre link : CVE-2020-14302

CVE.ORG link : CVE-2020-14302

JSON object : View

Products Affected

redhat

keycloak

CWE

CWE-294

Authentication Bypass by Capture-replay

{"id": "CVE-2020-14302", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2020-12-15T20:15:15.573", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849584", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-294"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same \"state\" parameter. This flaw allows a malicious user to perform replay attacks."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Keycloak versiones anteriores a 13.0.0, donde un proveedor de identidad externo, despu\u00e9s de una autenticaci\u00f3n con \u00e9xito, redirecciona un endpoint hacia Keycloak que acepta m\u00faltiples invocaciones con el uso del mismo par\u00e1metro \"state\". Este fallo permite a un usuario malicioso llevar a cabo ataques de reproducci\u00f3n"}], "lastModified": "2020-12-18T16:19:25.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C59F338-CA05-4F1D-84DA-246111636A0E", "versionEndExcluding": "13.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}