Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keycloak vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-15112
keycloak-httpd-client-install versions prior to 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
Keycloak-httpd-client-install Project Keycloak-httpd-client-install
8.8
CVSSv3
CVE-2021-4133
A flaw was found in Keycloak in versions from 12.0.0 and prior to 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
Redhat Keycloak
7.2
CVSSv3
CVE-2019-10169
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissio...
Redhat Keycloak
7.2
CVSSv3
CVE-2019-10170
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary c...
Redhat Keycloak
4.8
CVSSv3
CVE-2020-10776
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an malicious user to perform a Cross-site scripting attack.
Redhat Keycloak
5.5
CVSSv3
CVE-2020-1698
A flaw was found in keycloak in versions prior to 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.
Redhat Keycloak
3.8
CVSSv3
CVE-2023-0091
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an malicious user to access or modify potentially sensitive information.
Redhat Keycloak -
7.5
CVSSv3
CVE-2021-3513
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Redhat Keycloak
8.8
CVSSv3
CVE-2019-10199
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
Redhat Keycloak
7.5
CVSSv3
CVE-2017-2646
It was found that when Keycloak prior to 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.
Redhat Keycloak
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »