{
  "threat_severity" : "Moderate",
  "public_date" : "2018-11-13T17:38:00Z",
  "bugzilla" : {
    "description" : "keycloak: Open Redirect in Login and Logout",
    "id" : "1625409",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1625409"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-601",
  "details" : [ "A flaw was found in JBoss Keycloak 3.2.1.Final. The redirect URLs for both login and logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before being verified against the client's configured valid redirect URIs, so a crafted (non-normalized) redirect URL can pass the check and send the user to an attacker-controlled site. This can lead to an open redirect attack (CWE-601); exploitation requires the victim to follow a crafted login or logout link." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Single Sign-On 7.2.5 zip",
    "release_date" : "2018-11-13T00:00:00Z",
    "advisory" : "RHSA-2018:3595",
    "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.2"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.2 for RHEL 6",
    "release_date" : "2018-11-13T00:00:00Z",
    "advisory" : "RHSA-2018:3592",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7::el6",
    "package" : "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.2 for RHEL 7",
    "release_date" : "2018-11-13T00:00:00Z",
    "advisory" : "RHSA-2018:3593",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7::el7",
    "package" : "rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Will not fix",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Mobile Application Platform 4",
    "fix_state" : "Out of support scope",
    "package_name" : "keycloak",
    "cpe" : "cpe:/a:redhat:mobile_application_platform:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-14658\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14658" ],
  "name" : "CVE-2018-14658",
  "csaw" : false
}