Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat keycloak vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-12158
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
Redhat Single Sign On 7.0
Redhat Single Sign On 7.1
Keycloak Keycloak -
3.3
CVSSv2
CVE-2021-3461
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
Redhat Keycloak 9.0.13
Redhat Single Sign-on 7.0
Redhat Single Sign-on 7.4
Redhat Single Sign-on 7.4.7
2.1
CVSSv2
CVE-2020-10734
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.
Redhat Keycloak -
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on 7.0
2.1
CVSSv2
CVE-2020-1698
A flaw was found in keycloak in versions prior to 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.
Redhat Keycloak
2.1
CVSSv2
CVE-2019-10157
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could pr...
Redhat Single Sign-on
Redhat Keycloak
NA
CVE-2023-6291
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the malicious user to impersonate other users.
Redhat Single Sign-on -
Redhat Keycloak
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Z 4.9
Redhat Openshift Container Platform For Ibm Z 4.10
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on 7.6
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Applications 7.0
NA
CVE-2023-6927
A flaw was found in Keycloak. This issue may allow an malicious user to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Redhat Keycloak -
Redhat Single Sign-on 7.0
NA
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
9 Github repositories
1 Article
NA
CVE-2023-6134
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an malicious user to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is ...
Redhat Single Sign-on
Redhat Keycloak
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.9
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Single Sign-on -
NA
CVE-2023-6563
An unconstrained memory consumption vulnerability exists in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the &quo...
Redhat Keycloak
Redhat Single Sign-on 7.6
Redhat Single Sign-on -
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »