23 matches found
EUVD-2026-36029
A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...
CVE-2026-53473
The CVE affects the migration-planner-ui-app and describes a cross-site scripting (XSS) flaw in which an attacker can register a malicious discovery agent using a crafted credentialUrl containing JavaScript. When an organizational user clicks the link in the UI, the embedded code executes in the ...
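The two entries above describe a link-based XSS: a registered agent's credentialUrl is rendered as a clickable link, so a value such as a javascript: URL runs in the browser of whoever clicks it. The following is an added example, not code from migration-planner-ui-app or its fix, showing the vulnerable rendering pattern beside a hardened one that only links to absolute http(s) URLs; the agent objects are constructed sample input and the function names are assumptions.

```javascript
// Added example (not code from migration-planner-ui-app): render an
// attacker-controlled credentialUrl as a link only when it parses as an
// absolute http(s) URL. All agent data below is constructed sample input.

// Schemes the UI is allowed to follow on click.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns the normalized absolute URL, or null when the value must not be
// used as an href (javascript:, data:, vbscript:, relative or unparsable).
// The WHATWG URL parser strips leading/trailing C0 control and space
// characters and removes embedded tab/CR/LF before parsing, so
// " JaVaScRiPt:alert(1)" and "java\nscript:alert(1)" still surface as
// protocol "javascript:" rather than slipping past a naive prefix check.
function safeHref(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value); // no base URL: relative values throw and are rejected
  } catch {
    return null;
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Minimal HTML escaping so the agent name cannot break out of the markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: trusts credentialUrl verbatim as the href.
function renderAgentLinkUnsafe(agent) {
  return `<a href="${agent.credentialUrl}">${agent.name}</a>`;
}

// Hardened pattern: validate the scheme, escape everything, and fall back
// to plain text (no link at all) when the URL is not acceptable.
function renderAgentLink(agent) {
  const href = safeHref(agent.credentialUrl);
  const name = escapeHtml(agent.name);
  if (href === null) return `<span>${name}</span>`;
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${name}</a>`;
}

// Constructed sample agents: one benign, the rest hostile.
const SAMPLE_AGENTS = [
  { name: "agent-dc1", credentialUrl: "https://vault.example.internal/agents/dc1" },
  { name: "agent-evil", credentialUrl: "javascript:alert(document.cookie)" },
  { name: "agent-evil2", credentialUrl: " JaVaScRiPt:alert(1)" },
  { name: "agent-evil3", credentialUrl: "java\nscript:alert(1)" },
  { name: "agent-evil4", credentialUrl: "data:text/html,<script>alert(1)</script>" },
  { name: "agent-evil5", credentialUrl: "//evil.example/steal" },
];

function renderAll(agents) {
  return agents.map(renderAgentLink);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const a of SAMPLE_AGENTS) {
    console.log("unsafe:   ", renderAgentLinkUnsafe(a));
    console.log("hardened: ", renderAgentLink(a));
  }
}
```

Parsing with `new URL()` and checking `protocol` is deliberately preferred over a regular expression on the raw string: the parser performs the same normalization the browser will apply when the link is followed, so the check and the behaviour cannot disagree. The fallback renders the name as text rather than substituting a placeholder href, so a rejected value never becomes clickable.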
EUVD-2019-5967
Malware in sbrugna...
elytron-oidc-client: OIDC Authorization Code Injection
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...
GHSA-4V5X-9M47-CQR2 Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5565-3c98-g6jc. This link is maintained to preserve external references. Original Description A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the...
CVE-2024-12369
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...
OIDC-Client data forgery vulnerability
OIDC-Client is an IdentityModel open source library that provides OpenID Connect OIDC and OAuth2 protocol support for client-side, browser-based JavaScript client applications. OIDC-Client suffers from a data forgery issue vulnerability that stems from an authorization code injection attack that...
PT-2024-17571
Name of the Vulnerable Software and Affected Versions OIDC-Client versions prior to the fixed version EAP 7.x EAP 8.x Description A vulnerability was found in OIDC-Client, allowing authorization code injection attacks to occur when using the RH SSO OIDC adapter with EAP 7.x or the...
RHSA-2024:0798 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 7
Bulletin has no description...
RHSA-2024:6494 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 security update on RHEL 8
Bulletin has no description...
RHSA-2020:0946 Red Hat Security Advisory: Red Hat Single Sign-On 7.3.7 security update on RHEL 7
Bulletin has no description...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 security update on RHEL 8
New Red Hat Single Sign-On 7.6.10 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
PT-2024-2635 · Red Hat · 3Scale +2
Name of the Vulnerable Software and Affected Versions: 3Scale versions used with Keycloak 15 or RHSSO 7.5.0 Description: The issue is related to incorrect handling of insufficient permissions or privileges in the 3Scale API Management software. When the auth type is set to use 3scale oidc issuer...
CVE-2022-4039
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 9
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2022-2256
A Stored Cross-site scripting XSS vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...
RHEL 6 : Red Hat Single Sign-On 7.3.8 security update on RHEL 6 (Important) (RHSA-2020:2106)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2106 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
CVE-2019-14843
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss E...