Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keycloak keycloak vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-1970
keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter.
Redhat Keycloak 18.0.0
1 Github repository
9.8
CVSSv3
CVE-2020-1731
A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.
Redhat Keycloak Operator
6.1
CVSSv3
CVE-2014-3652
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
Redhat Keycloak 1.0.1
6.1
CVSSv3
CVE-2014-3656
JBoss KeyCloak: XSS in login-status-iframe.html
Redhat Jboss Keycloak -
9.1
CVSSv3
CVE-2022-3782
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive inf...
Redhat Keycloak 20.0.2
8.8
CVSSv3
CVE-2023-1477
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: prior to 7.10.2, prior to 8.0.3.
Hypr Keycloak Authenticator
5.4
CVSSv3
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts...
Redhat Keycloak
Quarkus Quarkus
5.9
CVSSv3
CVE-2020-1758
A flaw was found in Keycloak in versions prior to 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an malicious user to perform a man-in-the-middle (MITM) attack.
Redhat Keycloak
Redhat Openstack 10
6.1
CVSSv3
CVE-2022-4137
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to intera...
Redhat Keycloak -
Redhat Single Sign-on 7.6
5.5
CVSSv3
CVE-2019-10157
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could pr...
Redhat Single Sign-on
Redhat Keycloak
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »