Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keycloak vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-3637
A flaw was found in keycloak-model-infinispan in keycloak versions prior to 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
Redhat Keycloak
Redhat Single Sign-on 7.0
5
CVSSv2
CVE-2021-3424
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.
Redhat Single Sign-on 7.4
6.8
CVSSv2
CVE-2021-20195
A flaw was found in keycloak in versions prior to 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from ...
Redhat Keycloak
4.9
CVSSv2
CVE-2020-27826
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an malicious user to change its own NameID attribute to impersonate the admin user for any particular application.
Redhat Keycloak
Redhat Single Sign-on -
Redhat Single Sign-on 7.4
Redhat Single Sign-on 7.4.4
4.6
CVSSv2
CVE-2021-20202
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the malicious user to have access to the contents that keycloak stores in this directory. The highest threat from...
5.1
CVSSv2
CVE-2021-20222
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Redhat Keycloak
2.1
CVSSv2
CVE-2021-3141
In Unisys Stealth (core) prior to 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration.
Unisys Stealth
4.6
CVSSv2
CVE-2021-20262
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an malicious user to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability i...
Redhat Keycloak 12.0.0
Redhat Single Sign-on 7.0
4.3
CVSSv2
CVE-2020-27838
A flaw was found in keycloak in versions before 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threa...
Redhat Keycloak
Redhat Single Sign-on 7.0
1 Github repository
7.5
CVSSv2
CVE-2020-14359
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekee...
Redhat Louketo Proxy
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »