Keycloak Update (MINDBREEZE29867)

ID: MINDBREEZE29867 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 5.4 Medium 
Status: Final 
Last Update: February 2, 2024 
First published: March 18, 2024 
CVEs: CVE-2023-6134 

Summary

Keycloak - vulnerable to reflected XSS via wildcard in OIDC redirect_uri 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 24.1 Release 
• Mindbreeze InSpire SaaS 24.1 Release