Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat keycloak vulnerabilities and exploits
(subscribe to this query)
3.8
CVSSv3
CVE-2023-0091
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an malicious user to access or modify potentially sensitive information.
Redhat Keycloak -
7.5
CVSSv3
CVE-2021-3513
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Redhat Keycloak
8.8
CVSSv3
CVE-2019-10199
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
Redhat Keycloak
7.5
CVSSv3
CVE-2017-2646
It was found that when Keycloak prior to 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.
Redhat Keycloak
7.5
CVSSv3
CVE-2021-20222
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Redhat Keycloak
6.1
CVSSv3
CVE-2021-20323
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
Redhat Keycloak
4 Github repositories
4.9
CVSSv3
CVE-2020-14302
A flaw was found in Keycloak prior to 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform...
Redhat Keycloak
7.5
CVSSv3
CVE-2020-14366
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Redhat Keycloak
8.1
CVSSv3
CVE-2020-14389
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
Redhat Keycloak
3.8
CVSSv3
CVE-2019-3868
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.
Redhat Keycloak
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »