GHSA-rvjg-gxwx-j5gf

GitHub Security Advisory

OIDC Logout redirect in keycloak

✓ GitHub Reviewed LOW Has CVE

Advisory Details

A flaw was found in Keycloak. The OIDC logout endpoint does not have CSRF protection. The highest threat from this vulnerability is to system availability.

Affected Packages

Maven org.keycloak:keycloak-oidc-client-adapter-pom
Affected versions: 0 (fixed in 18.0.0)

Key Information

GHSA ID: GHSA-rvjg-gxwx-j5gf
Published: April 28, 2022 5:13 PM
Last Modified: April 28, 2022 5:13 PM
CVSS Score: 2.5/10
Primary Ecosystem: Maven
Primary Package: org.keycloak:keycloak-oidc-client-adapter-pom
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 22, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.