Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat keycloak - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2256
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged malicious user to execute malicious scripts in the admin console, abusing the default roles functionality.
Redhat Single Sign-on 7.0
NA
CVE-2022-0225
A flaw was found in Keycloak. This flaw allows a privileged malicious user to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
Redhat Keycloak -
Redhat Single Sign-on 7.0
NA
CVE-2021-3856
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if availab...
Redhat Keycloak
NA
CVE-2021-3632
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
Redhat Single Sign-on 7.0
Redhat Keycloak
Redhat Single Sign-on
NA
CVE-2021-3754
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
Redhat Keycloak -
Redhat Single Sign-on 7.0
1 Github repository
NA
CVE-2021-3827
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user'...
Redhat Single Sign-on 7.0
Redhat Keycloak
Redhat Single Sign-on 7.5.0
Redhat Openshift Container Platform 4.8
Redhat Openshift Container Platform 4.9
NA
CVE-2020-35509
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
Redhat Keycloak 12.0.0
Redhat Keycloak 11.0.3
NA
CVE-2021-3513
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Redhat Keycloak
NA
CVE-2022-2668
An issue exists in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
Redhat Single Sign-on 7.0
Redhat Keycloak 18.0.0
7.5
CVSSv2
CVE-2022-1245
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unaut...
Redhat Keycloak
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »