23 matches found
EUVD-2018-3089
Malware in sbrugna...
EUVD-2023-2025
Malicious code in bioql PyPI...
Security Bulletin: IBM Sterling Transformation Extender is vulnerable to multiple issues due to Keycloak, Swagger UI, IBM GSKit, and Apache ActiveMQ
Summary IBM Sterling Transformation Extender uses Keycloak, Swagger UI, IBM GSKit, and Apache ActiveMQ. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allo...
keycloak: impersonation and lockout possible through incorrect handling of email trust
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
keycloak: impersonation and lockout possible through incorrect handling of email trust
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
keycloak: impersonation and lockout possible through incorrect handling of email trust
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
keycloak: impersonation and lockout possible through incorrect handling of email trust
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
RHEL 9 : Red Hat Single Sign-On 7.6.6 security update on RHEL 9 (Important) (RHSA-2023:7484)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7484 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 8 : Red Hat Single Sign-On 7.6.6 security update on RHEL 8 (Important) (RHSA-2023:7483)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7483 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Impersonation and lockout are possible due to email trust not being handled correctly in Keycloak. Since the verified state is not reset when the email changes, it is possible for users to shadow others with the same email and lock out or impersonate them...
GHSA-C7XW-P58W-H6FJ Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Impersonation and lockout are possible due to email trust not being handled correctly in Keycloak. Since the verified state is not reset when the email changes, it is possible for users to shadow others with the same email and lock out or impersonate them...
Insecure Permissions
org.keycloak:keycloak-parent is vulnerable to Insecure Permissions. An attacker is able to shadow other users with the same email and impersonate or lockout the victim due to the email trust not being handled correctly...
GHSA-VHVQ-JH34-3FC8 Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c7xw-p58w-h6fj. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled...
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c7xw-p58w-h6fj. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled...
CVE-2023-0105
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
CVE-2023-0105
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
CVE-2023-0105
CVE-2023-0105 affects Keycloak: the vulnerability stems from incorrect handling of email trust, enabling an attacker to shadow other users with the same email and cause impersonation or lockout. The issue is documented in multiple sources (GHSA and OSV) with explicit description of impersonation/...
CVE-2023-0105
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
CVE-2023-0105
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them...
PT-2023-16014 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw in Keycloak allows impersonation and lockout due to incorrect handling of email trust. This issue enables an attacker to shadow other users with the same email, potentially leading ...