mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.7 KiB
1.7 KiB
CVE-2024-4540
Description
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request, possibly leading to an information disclosure vulnerability.
POC
Reference
No PoCs from references.