Lucene search
K

8 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.14 views

keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/06 9:31 a.m.5 views

Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 8:38 a.m.1 views

CVE-2026-37977 Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

3.7CVSS5.9AI score0.00253EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/06 8:38 a.m.32 views

CVE-2026-37977 Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

3.7CVSS0.00253EPSS
Exploits0References6
CVE
CVE
added 2026/04/06 8:38 a.m.23 views

CVE-2026-37977

CVE-2026-37977 affects Keycloak’s User-Managed Access (UMA) token endpoint. A flaw in CORS handling arises when the azp claim from a client-supplied JWT is used to set the Access-Control-Allow-Origin header before JWT validation, allowing an attacker-controlled origin to be reflected in responses...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/03/11 12:17 a.m.7 views

EUVD-2026-10869

Parse Server missing audience validation in Keycloak authentication adapter...

7.6CVSS5.8AI score0.00426EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 12:17 a.m.12 views

EUVD-2026-10868

Parse Server missing audience validation in Keycloak authentication adapter...

8.8CVSS5.8AI score0.00426EPSS
Exploits0References4
Rows per page
Query Builder