2 matches found
org.keycloak.testframework:keycloak-test-framework-clustering (>=26.3.0 <=26.4.3), org.keycloak.testframework:keycloak-test-framework-core (>=26.1.0 <=26.4.3) +17 more potentially affected by CVE-2025-11538 via org.keycloak:keycloak-quarkus-dist (>=17.0.0 <=26.4.3)
org.keycloak:keycloak-quarkus-dist MAVEN version =17.0.0, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.4.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.1.0, =26.4.3...
CVE-2025-11538
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...