12 matches found
com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +74 more potentially affected by CVE-2026-7307 via org.keycloak:keycloak-saml-core (>=1.2.0.CR1 <=26.6.1)
org.keycloak:keycloak-saml-core MAVEN version =1.2.0.CR1, =2.5.6-24.0, =1.0.0-25.0, =0.1.0, =2.1, =8.1, =2.1, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.6.0 and more Source cves: CVE-2026-7307https://vulners.com/cve/CVE-20...
Improper Validation of Syntactic Correctness of Input
Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the SAMLParser and SAML11ParserUtil code paths that handle SAML 1.1 assertions and protoc...
org.keycloak:keycloak-saml-adapter-galleon-pack (>=21.1.0 <=26.5.3), org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter (>=21.1.0 <=22.0.4) +31 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-adapter-core (>=1.6.0.Final <=26.5.3)
org.keycloak:keycloak-saml-adapter-core MAVEN version =1.6.0.Final, =21.1.0, =21.1.0, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =20.0.0, =20.0.0, =1.6.0.Final, =20.0.0, =1.6.0.Final, =20.0.0, =1.6.0.Final, =1.9.8.Final and more Source cves: CVE-2026-2575...
com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +71 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-core (>=1.2.0.CR1 <=26.5.3)
org.keycloak:keycloak-saml-core MAVEN version =1.2.0.CR1, =2.5.6-24.0, =1.0.0-25.0, =0.1.0, =2.1, =8.1, =2.1, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.5.3 and more Source cves: CVE-2026-2575https://vulners.com/cve/CVE-20...
CVE-2026-3047
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language SAML client is configured as an Identity Provider IdP-initiated broker landing target, it can still complete the login process and establish a Single Sign-On SSO session. This allows a remote attacker...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the SAMLRequest DEFLATE decompression. An attacker can cause service disruption...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the SAMLRequest DEFLATE decompression. An attacker can cause service disruption by sending a highly compressed requests that trigger excessive resource consumption durin...
EUVD-2019-0650
Malware in sbrugna...
EUVD-2022-5865
Malicious code in bioql PyPI...
GHSA-J76J-RQWJ-JMVV Duplicate Advisory: Keycloak Session Fixation vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5rxp-2rhr-qwqv. This link is maintained to preserve external references. Original Description A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cook...
PT-2024-38275 · Red Hat · Keycloak Saml Adapters +1
Name of the Vulnerable Software and Affected Versions: Keycloak SAML adapters affected versions not specified Description: A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the...
Information Disclosure
keycloak-saml-core is vulnerable to sensitive information disclosure. The attack exists because SAML messages are being parsed by replacing the string to obtain the attribute values with the system property in StaxParserUtil class. Therefore, attacker can just parse the chosen system property nam...