Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat keycloak vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts...
Redhat Keycloak
Quarkus Quarkus
5.4
CVSSv3
CVE-2020-1697
It was found in all keycloak versions prior to 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly...
Redhat Keycloak
Redhat Single Sign-on 7.3
5.4
CVSSv3
CVE-2017-12158
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
Redhat Single Sign On 7.0
Redhat Single Sign On 7.1
Keycloak Keycloak -
5.3
CVSSv3
CVE-2021-3754
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
Redhat Keycloak -
Redhat Single Sign-on 7.0
1 Github repository
5.3
CVSSv3
CVE-2021-3424
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.
Redhat Single Sign-on 7.4
5.3
CVSSv3
CVE-2020-10770
A flaw was found in Keycloak prior to 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an malicious user to use this parameter to execute a Server-side request forgery (SSRF) attack.
Redhat Keycloak
2 Github repositories
5
CVSSv3
CVE-2023-0264
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session t...
Redhat Keycloak
Redhat Single Sign-on
Redhat Openshift Container Platform 4.9
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.9
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Single Sign-on -
1 Github repository
4.9
CVSSv3
CVE-2020-14302
A flaw was found in Keycloak prior to 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform...
Redhat Keycloak
4.9
CVSSv3
CVE-2020-1694
A flaw was found in all versions of Keycloak prior to 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
Redhat Keycloak
4.9
CVSSv3
CVE-2018-10912
keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of...
Redhat Keycloak
Redhat Single Sign-on 7.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »