CVE-2020-10770

Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

92.3%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

Se encontró un fallo en Keycloak versiones anteriores a 13.0.0, donde es posible forzar al servidor a llamar a una URL no verificada usando el parámetro OIDC request_uri. Este fallo permite a un atacante usar este parámetro para ejecutar un ataque de tipo Server-side request forgery (SSRF)

A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include memory leak and server-side request forgery vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-20 CVE Reserved
2020-12-15 CVE Published
2021-10-13 First Exploit
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC
https://packetstorm.news/files/id/164499	2021-10-13
https://www.exploit-db.com/exploits/50405	2021-10-13
https://github.com/ColdFusionX/Keycloak-12.0.1-CVE-2020-10770	2022-07-11
http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side...	2024-08-04

1 - 4 of 4

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1846270	2021-02-01
https://access.redhat.com/security/cve/CVE-2020-10770	2021-02-01

1 - 2 of 2

Affected Vendors, Products, and Versions (1)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Keycloak Search vendor "Redhat" for product "Keycloak"				< 12.0.2 Search vendor "Redhat" for product "Keycloak" and version " < 12.0.2"		-		Affected

1 - 1 of 1