6.1
CVSS V3
Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.
Start for freeA misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.