Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Red Hat Build Of Keycloak 22.0.10 Security Vulnerabilities

cve
cve

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with....

6CVSS

5.5AI Score

0.0004EPSS

2024-04-25 04:15 PM
135
cve
cve

CVE-2023-6544

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic...

5.4CVSS

5.8AI Score

0.0004EPSS

2024-04-25 04:15 PM
114
cve
cve

CVE-2023-6787

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-04-25 04:15 PM
85
cve
cve

CVE-2023-6484

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs...

5.3CVSS

5.2AI Score

0.0005EPSS

2024-04-25 04:15 PM
67
cve
cve

CVE-2023-3597

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass...

5CVSS

6.6AI Score

0.0004EPSS

2024-04-25 01:15 PM
78
cve
cve

CVE-2024-1249

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin....

7.4CVSS

6.1AI Score

0.0004EPSS

2024-04-17 02:15 PM
246
cve
cve

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects...

8.1CVSS

5.7AI Score

0.0005EPSS

2024-04-17 02:15 PM
143