Lucene search
K

105 matches found

RedHat Linux
RedHat Linux
added last week6 views

keycloak: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week4 views

keycloak: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.7AI score0.0031EPSS
Exploits0References4
NVD
NVD
added last week9 views

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS0.0031EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References7
EUVD
EUVD
added last week4 views

EUVD-2026-39471

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References4
CVE
CVE
added last week7 views

CVE-2026-9800

CVE-2026-9800 affects Keycloak Policy Enforcer. The issue allows any authenticated user to bypass authorization checks (roles, scopes, UMA) by leveraging the configured access-denied page path in the request URL, either as a path segment or a query parameter. Root cause described in records as an...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added last week7 views

CVE-2026-9800 Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References6
Cvelist
Cvelist
added last week32 views

CVE-2026-9800 Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS0.0031EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.7AI score0.0031EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52510

Name of the Vulnerable Software and Affected Versions Keycloak Policy Enforcer affected versions not specified Description An issue exists that allows authenticated users to bypass authorization policies, including role, scope, and User-Managed Access UMA permission checks. An attacker can gain...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.27 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS0.00329EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.5 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS6AI score0.00329EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.11 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS6AI score0.00329EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44464

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 14.0.0 through 29.0.1 Description The RBAC policy enforcer in the enforce call function unconditionally merges the raw JSON request body into the policy enforcement dictionary using policy dict.updatejson input.copy...

8.8CVSS5.4AI score0.00329EPSS
Exploits1References16
SUSE CVE
SUSE CVE
added 2026/03/31 11:27 p.m.3 views

SUSE CVE-2026-32727

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

6.5CVSS5.8AI score0.00516EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 10:51 p.m.4 views

EUVD-2026-17292

SciTokens has an Authorization Bypass via Path Traversal in Scope Validation...

8.1CVSS5.9AI score0.00516EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/31 10:51 p.m.4 views

EUVD-2026-17294

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking...

8.1CVSS5.9AI score0.00389EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/31 10:51 p.m.5 views

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary The Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the same prefix e.g., /johnathan, /johnny, which is an Authorization Bypass. Details File:...

8.1CVSS5.9AI score0.00389EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/31 10:51 p.m.1 views

GHSA-W8FP-G9RH-34JH SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary The Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the same prefix e.g., /johnathan, /johnny, which is an Authorization Bypass. Details File:...

8.1CVSS5.9AI score0.00389EPSS
Exploits1References5
NVD
NVD
added 2026/03/31 3:15 a.m.5 views

CVE-2026-32727

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

8.1CVSS0.00516EPSS
Exploits1References4
Rows per page
Query Builder