A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
Se encontró una vulnerabilidad en Keycloak versiones anteriores a 9.0.2, donde cada URL de autorización que apunta a un servidor IDP que carece de una comprobación de entrada inapropiada, ya que permite una amplia gama de caracteres. Este fallo permite a un malicioso diseñar enlaces profundos que introducen escenarios de ataque adicionales en los clientes afectados
A flaw was found in Keycloak, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.