5.4
CVSS V3
Keycloak Authorization Bypass vulnerability
Due to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously unauthorized.
Special thanks to Bastian Kanbach for reporting this issue and helping us improve our security.
