
CVE-2017-1000500


Keycloak SSO versions prior to 2.x are vulnerable to Host header injection on the forgot-password page, which causes the application to send a poisoned URL as the password reset link.

Source: CVE-2017-1000500
