Cross-site request forgery In org.keycloak:keycloak-services
Description
JBoss Keycloak CSRF Vulnerability
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 maven | 1.0.3.final |
Aliases
1. 2. 3. 4.
References
1. 2. 3. 4.