Keycloak Update (MINDBREEZE29867)
ID: MINDBREEZE29867
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 5.4 Medium
Status: Final
Last Update: February 2, 2024
First published: March 18, 2024
CVEs: CVE-2023-6134
Summary
Keycloak is vulnerable to reflected XSS via a wildcard in the OIDC redirect_uri.
Hotfix Information
Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 24.1 Release
- Mindbreeze InSpire SaaS 24.1 Release