12 matches found
org.keycloak.protocol.oidc: Blind Server-Side Request Forgery (SSRF) in Keycloak OIDC Dynamic Client Registration via jwks_uri
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...
Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...
GHSA-7VW6-5Q2F-7W5R Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...
CVE-2026-1180
CVE-2026-1180 describes an SSRF risk in Keycloak’s OpenID Connect Dynamic Client Registration when using private_key_jwt. A client can specify an arbitrary jwks_uri, and Keycloak fetches it without validating the destination, potentially making HTTP requests to internal or restricted network resou...
CVE-2026-1180 org.keycloak.protocol.oidc: Blind Server-Side Request Forgery (SSRF) in Keycloak OIDC Dynamic Client Registration via jwks_uri
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...
EUVD-2025-5571
Malicious code in bioql PyPI...
CVE-2025-27370
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issu...
OpenID Connect Core Security Vulnerability
OpenID Connect Core is a simple identity layer on top of the OAuth 2.0 protocol from the OpenID Foundation. A security vulnerability exists in OpenID Connect Core version 1.0. An attacker can exploit this vulnerability to impersonate a client using a private key JWT...
CVE-2025-27370
CVE-2025-27370 concerns OpenID Connect Core through 1.0 errata set 2. When private_key_jwt authentication is used, an attacker-controlled Authorization Server can induce a Client to accept a manipulated audience value (e.g., other token endpoints or issuer identifiers). This audience injection co...