CVE-2021-3461

CVE-2021-3461

Vendor N/A
Product keycloak
Weakness CWE-613 · Insufficient session expiration
Published April 1, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].

Key dates

02Disclosure timeline

April 1, 2022 CVE published
August 3, 2024 Record updated