Lucene search
K

129 matches found

Veracode
Veracode
added 2024/10/22 7:32 a.m.3 views

Session Fixation

org.keycloak:keycloak-services is vulnerable to Session Fixation. The vulnerability is due to the session ID and JSESSIONID cookie not being changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured, allowing an attacker to hijack the session before authentication...

7AI score
Exploits0
OSV
OSV
added 2024/10/14 8:55 p.m.5 views

GHSA-5RXP-2RHR-QWQV Keycloak has session fixation in Elytron SAML adapters

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...

7.1CVSS5.9AI score0.008EPSS
Exploits0References17
OSV
OSV
added 2024/09/09 9:31 p.m.1 views

GHSA-J76J-RQWJ-JMVV Duplicate Advisory: Keycloak Session Fixation vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5rxp-2rhr-qwqv. This link is maintained to preserve external references. Original Description A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cook...

7.5CVSS6.1AI score0.008EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2024/09/09 4:5 p.m.10 views

wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...

7.1CVSS5.8AI score0.008EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/09 3:58 p.m.9 views

wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...

7.1CVSS5.8AI score0.008EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.4 views

PT-2024-38275 · Red Hat · Keycloak Saml Adapters +1

Name of the Vulnerable Software and Affected Versions: Keycloak SAML adapters affected versions not specified Description: A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the...

7.5CVSS6.5AI score0.008EPSS
Exploits0References28
CNNVD
CNNVD
added 2024/06/25 12:0 a.m.4 views

udn News Information Disclosure Vulnerability

udn News is a news application from China United News udn Inc. An information disclosure vulnerability exists in udn News versions prior to 4.20.1, which stems from storing a user's session in a logcat file during user login, which can be retrieved by a malicious attacker who can use it to log in...

3.9CVSS6.1AI score0.00212EPSS
Exploits0References2
Prion
Prion
added 2023/09/12 10:15 a.m.16 views

Design/Logic Flaw

A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames...

2.1CVSS4.4AI score0.00175EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/08/28 9:15 p.m.3 views

UBUNTU-CVE-2023-39968

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

6.1CVSS6.4AI score0.00586EPSS
Exploits0References4
OSV
OSV
added 2023/08/24 4:21 a.m.32 views

RLSA-2023:4569 Moderate: dbus security update

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fixes: dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered...

6.5CVSS7AI score0.01417EPSS
Exploits1References2
OSV
OSV
added 2023/07/12 4:15 p.m.8 views

CVE-2023-37946

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb1a20 and earlier does not invalidate the previous session on login...

8.8CVSS5.8AI score0.00717EPSS
Exploits0References2
Fedora
Fedora
added 2023/06/24 1:21 a.m.30 views

[SECURITY] Fedora 38 Update: mingw-dbus-1.14.8-1.fc38

D-BUS is a system for sending messages between applications. It is used both for the system wide message bus service, and as a per-user-login-session messaging facility...

6.5CVSS7.1AI score0.01417EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/06/09 12:0 a.m.9 views

Fedora: Security Advisory for dbus (FEDORA-2023-c95d3f825f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.6 views

Jenkins WSO2 Oauth Plugin 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.4CVSS5.8AI score0.00431EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.5 views

OpenProject 代码问题漏洞

OpenProject is an open source Web-based project management software . The software features project planning, task management, bug tracking and cost budgeting. A code issue vulnerability exists in OpenProject versions 7.4.0 through 12.5.4 that stems from an existing login session for a user accou...

6.5CVSS6.5AI score0.00891EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.6 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A security vulnerabili...

8.8CVSS7.9AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2023/02/03 10:15 p.m.2 views

DEBIAN-CVE-2022-24895

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable...

8.8CVSS7.1AI score0.0079EPSS
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.14 views

Design/Logic Flaw

Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...

7.5CVSS9.5AI score0.01062EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.8 views

Jenkins Plugin OpenID 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

9.8CVSS8.3AI score0.01149EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.32 views

CVE-2023-24426

Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...

8.9AI score0.01018EPSS
Exploits0References1
Rows per page
Query Builder