Lucene search
K

49 matches found

RedHat Linux
RedHat Linux
added 2022/11/03 3:14 p.m.15 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2CVSS5.8AI score0.00834EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.5 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2CVSS5.8AI score0.00834EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/04 3:53 p.m.4 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2CVSS5.8AI score0.00834EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/04 3:35 p.m.8 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2CVSS5.8AI score0.00834EPSS
Exploits0References5
Veracode
Veracode
added 2022/08/08 3:14 a.m.43 views

Cross-site Scripting (XSS)

keycloak-core is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the SAML protocol mapper when the UPLOADSCRIPTS feature is disabled...

7.2CVSS8AI score0.00834EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2022/08/06 12:0 a.m.21 views

Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references. Original Description An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even...

7.2CVSS7.2AI score0.00834EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/08/06 12:0 a.m.1 views

GHSA-Q2GP-GPH3-88X9 Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references. Original Description An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even...

7.2CVSS5.8AI score0.00834EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/05 5:15 p.m.2 views

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2CVSS6.9AI score0.00834EPSS
Exploits0References2
OSV
OSV
added 2022/08/05 5:15 p.m.40 views

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2CVSS6.7AI score0.00834EPSS
Exploits0References1
Prion
Prion
added 2022/08/05 5:15 p.m.19 views

Authorization

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

5.8CVSS8AI score0.00834EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2022/08/05 6:36 a.m.154 views

CVE-2022-2668

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

6.4CVSS2.1AI score0.00834EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.3 views

PT-2022-18005 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD SCRIPTS feature is disabled. Recommendations: At the...

7.2CVSS6.3AI score0.00834EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.37 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that originates from the SAML protocol mapper uploading arbitrary Javascript...

7.2CVSS6.8AI score0.00834EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2022/05/13 1:9 a.m.5 views

com.eurodyn.qlack2.util:qlack2-util-apache-santuario-fragment (>=2.3.3 <=2.3.19), com.eurodyn.qlack2.util:qlack2-util-sso (>=2.3.3 <=2.3.19) +10 more potentially affected by CVE-2015-5253 via org.apache.cxf:cxf-rt-rs-security-sso-saml (>=3.1.0 <=3.1.2)

org.apache.cxf:cxf-rt-rs-security-sso-saml MAVEN version =3.1.0, =2.3.3, =2.3.3, =1.3.2, =1.4.0, =1.3.2, =1.4.0, =3.1.0, =3.1.0, =2.0.3, =2.0.3, =5.2.0-RC1, =5.2.0-RC3 Source cves: CVE-2015-5253 Source advisory: OSV:GHSA-3336-H95J-HVVF...

4CVSS7.2AI score0.05696EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/02 3:15 a.m.153 views

USN-4974-1: Lasso vulnerability

It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls...

7.5CVSS7.2AI score0.01325EPSS
Exploits0
OSV
OSV
added 2019/03/26 6:29 p.m.2 views

DEBIAN-CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7.6AI score0.02969EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2019/01/22 4:30 p.m.4 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2018/03/26 12:0 a.m.22 views

Debian: Security Advisory (DLA-1298-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.2AI score0.02424EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/03/06 12:0 a.m.26 views

Debian DLA-1298-1 : simplesamlphp security update

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2016-9814 & CVE-2016-9955 An incorrect check of return values in the signature validation utilities allowed an attacker to get invalid signatures accepted as valid i...

9.1CVSS7.5AI score0.02424EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/03/05 12:0 a.m.36 views

Debian DSA-4127-1 : simplesamlphp - security update

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. - CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. - CVE-2017-12869 When using the...

9.8CVSS7.4AI score0.03111EPSS
Exploits1References23
Rows per page
Query Builder