Vulnerabilities > CVE-2021-3461 - Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On

047910
CVSS 7.1 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
redhat
CWE-613

Summary

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].

Common Weakness Enumeration (CWE)