Latest high severity vulnerabilities for "redhat keycloak"

maven/org.keycloak:keycloak-servicesWildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

high

8.1

EPSS

0.24%

First published (updated )

CVE-2024-7341

maven/org.keycloak:keycloak-coreKeycloak: amount of attributes per object is not limited and it may lead to dos

high

7.5

First published (updated )

CVE-2023-6841

Redhat Single Sign-onKeycloak: offline session token dos

high

7.7

EPSS

0.09%

First published (updated )

CVE-2023-6563

Redhat Single Sign-onKeycloak: redirect_uri validation bypass

high

7.1

First published (updated )

CVE-2023-6291

Redhat KeycloakPlaintext storage of user password

high

8.8

First published (updated )

CVE-2023-4918

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Redhat Openshift Container PlatformKeycloak: oauth client impersonation

high

7.1

First published (updated )

CVE-2023-2422

redhat/rh-sso7-keycloakKeycloak's OpenID Connect user authentication was found to incorrectly authenticate requests. An aut…

high

8.7

First published (updated )

CVE-2023-0264

redhat/rh-sso7-keycloakKeycloak: reflected xss attack

high

8.1

First published (updated )

CVE-2022-4137

redhat/rh-sso7-keycloakAn issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML pro…

high

7.2

First published (updated )

CVE-2022-2668

Redhat Keycloakkeycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter.

high

7.4

First published (updated )

CVE-2022-1970

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Redhat Openshift Container PlatformXSS

high

7.6

First published (updated )

CVE-2022-1274

redhat/rh-sso7-keycloakA flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any…

high

8.8

First published (updated )

CVE-2021-4133

redhat/rh-sso7-keycloakA flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or …

high

7.5

First published (updated )

CVE-2021-3632

redhat/rh-sso7-keycloakA flaw was found in keycloak where a brute force attack is possible even when the permanent lockout …

high

7.5

First published (updated )

CVE-2021-3513

redhat/rh-sso7-keycloakA flaw was found in keycloak where keycloak may fail to logout user session if the logout request co…

high

7.1

First published (updated )

CVE-2021-3461

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

redhat/keycloakXSS, Input Validation

high

7.5

First published (updated )

CVE-2021-20222

redhat/keycloakA flaw was found in keycloak. Directories can be created prior to the Java process creating them in …

high

7.3

First published (updated )

CVE-2021-20202

redhat/rh-sso7-keycloakA flaw was found in keycloak-model-infinispan where the authenticationSessions map in RootAuthentica…

high

7.5

First published (updated )

CVE-2021-3637

Redhat KeycloakPath Traversal

high

7.5

First published (updated )

CVE-2020-14366

redhat/rh-sso7-keycloakIt was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to …

high

8.1

First published (updated )

CVE-2020-14389

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

redhat/rh-sso7-keycloakA vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty r…

high

7.5

First published (updated )

CVE-2020-10758

Redhat KeycloakA flaw was found in the Keycloak admin console, where the realm management interface permits a scrip…

high

7.2

First published (updated )

CVE-2019-10170

Redhat KeycloakA flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be s…

high

7.2

First published (updated )

CVE-2019-10169

redhat/rh-sso7-keycloakA flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unau…

high

8.8

First published (updated )

CVE-2020-1718

redhat/rh-sso7-keycloakKeycloak permits some access to a user in one realm from a user logged into another. An attacker cou…

high

7.5

First published (updated )

CVE-2019-14832

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

redhat/keycloakCSRF

high

8.8

First published (updated )

CVE-2019-10199

Redhat Single Sign-onIt was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker m…

high

8.1

First published (updated )

CVE-2019-10201

maven/org.keycloak:keycloak-commonInput Validation

high

8.8

First published (updated )

CVE-2020-1714

Redhat KeycloakA flaw was found in JBOSS Keycloak. The SAML broker consumer endpoint ignores expiration conditions …

high

8.1

First published (updated )

CVE-2018-14637

Redhat KeycloakA flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation…

high

8.1

First published (updated )

CVE-2018-14657

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Redhat KeycloakIt was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An atta…

high

8.1

First published (updated )

CVE-2016-8609

Redhat KeycloakIt was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the midd…

high

7.5

First published (updated )

CVE-2017-2646

redhat/KeycloakIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh …

high

7.2

First published (updated )

CVE-2017-12160

Versions

maven/org.keycloak:keycloak-servicesWildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

maven/org.keycloak:keycloak-coreKeycloak: amount of attributes per object is not limited and it may lead to dos

Redhat Single Sign-onKeycloak: offline session token dos

Redhat Single Sign-onKeycloak: redirect_uri validation bypass

Redhat KeycloakPlaintext storage of user password

Never miss a vulnerability like this again

Redhat Openshift Container PlatformKeycloak: oauth client impersonation

redhat/rh-sso7-keycloakKeycloak's OpenID Connect user authentication was found to incorrectly authenticate requests. An aut…

redhat/rh-sso7-keycloakKeycloak: reflected xss attack

redhat/rh-sso7-keycloakAn issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML pro…

Redhat Keycloakkeycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter.

Never miss a vulnerability like this again

Redhat Openshift Container PlatformXSS

redhat/rh-sso7-keycloakA flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any…

redhat/rh-sso7-keycloakA flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or …

redhat/rh-sso7-keycloakA flaw was found in keycloak where a brute force attack is possible even when the permanent lockout …

redhat/rh-sso7-keycloakA flaw was found in keycloak where keycloak may fail to logout user session if the logout request co…

Never miss a vulnerability like this again

redhat/keycloakXSS, Input Validation

redhat/keycloakA flaw was found in keycloak. Directories can be created prior to the Java process creating them in …

redhat/rh-sso7-keycloakA flaw was found in keycloak-model-infinispan where the authenticationSessions map in RootAuthentica…

Redhat KeycloakPath Traversal

redhat/rh-sso7-keycloakIt was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to …

Never miss a vulnerability like this again

redhat/rh-sso7-keycloakA vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty r…

Redhat KeycloakA flaw was found in the Keycloak admin console, where the realm management interface permits a scrip…

Redhat KeycloakA flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be s…

redhat/rh-sso7-keycloakA flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unau…

redhat/rh-sso7-keycloakKeycloak permits some access to a user in one realm from a user logged into another. An attacker cou…

Never miss a vulnerability like this again

redhat/keycloakCSRF

Redhat Single Sign-onIt was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker m…

maven/org.keycloak:keycloak-commonInput Validation

Redhat KeycloakA flaw was found in JBOSS Keycloak. The SAML broker consumer endpoint ignores expiration conditions …

Redhat KeycloakA flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation…

Never miss a vulnerability like this again

Redhat KeycloakIt was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An atta…

Redhat KeycloakIt was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the midd…

redhat/KeycloakIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh …

Company

Resources

Contact