Upstream information
Description
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
SUSE Bugzilla entry: 1225899 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Mon Jun 3 18:00:23 2024CVE page last modified: Tue Jun 4 11:51:18 2024