漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
CVSS Information
N/A
Vulnerability Type
会话固定
Vulnerability Title
Red Hat keycloak 授权问题漏洞
Vulnerability Description
Red Hat keycloak是美国红帽(Red Hat)公司的一套开源用于现代应用和服务的身份和访问管理软件。 Red Hat keycloak 2.3.0之前版本中存在授权问题漏洞。远程攻击者可利用该漏洞劫持用户会话,造成信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A