keycloak vulnerabilities and exploits
NA
CVE-2022-3782
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive inf...
Redhat Keycloak 20.0.2
NA
CVE-2022-1970
keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter.
Redhat Keycloak 18.0.0
1 GitHub repository
NA
CVE-2023-1477
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: prior to 7.10.2, prior to 8.0.3.
Hypr Keycloak Authenticator
NA
CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and previous versions does not invalidate the previous session on login.
Jenkins Keycloak Authentication
NA
CVE-2023-24457
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Keycloak Authentication
7.5
CVSSv2
CVE-2020-1731
A flaw was found in all versions of the Keycloak operator before version 8.0.2 (community only), where the operator generates a random admin password when installing Keycloak; however, the password remains the same when deployed to the same OpenShift namespace.
Redhat Keycloak Operator
5.8
CVSSv2
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts...
Redhat Keycloak
Quarkus Quarkus
4.3
CVSSv2
CVE-2020-1758
A flaw was found in Keycloak in versions prior to 10.0.0, where it does not perform TLS hostname verification while sending emails using the SMTP server. This flaw allows a malicious user to perform a man-in-the-middle (MITM) attack.
Redhat Keycloak
Redhat Openstack 10
NA
CVE-2022-4137
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to intera...
Redhat Keycloak -
Redhat Single Sign-on 7.6
2.1
CVSSv2
CVE-2019-10157
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout. An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could pr...
Redhat Single Sign-on
Redhat Keycloak