49 matches found
keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
Cross-site Scripting (XSS)
keycloak-core is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the SAML protocol mapper when the UPLOADSCRIPTS feature is disabled...
Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references. Original Description An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even...
GHSA-Q2GP-GPH3-88X9 Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references. Original Description An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even...
CVE-2022-2668
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
CVE-2022-2668
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
Authorization
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
CVE-2022-2668
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
PT-2022-18005 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD SCRIPTS feature is disabled. Recommendations: At the...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that originates from the SAML protocol mapper uploading arbitrary Javascript...
com.eurodyn.qlack2.util:qlack2-util-apache-santuario-fragment (>=2.3.3 <=2.3.19), com.eurodyn.qlack2.util:qlack2-util-sso (>=2.3.3 <=2.3.19) +10 more potentially affected by CVE-2015-5253 via org.apache.cxf:cxf-rt-rs-security-sso-saml (>=3.1.0 <=3.1.2)
org.apache.cxf:cxf-rt-rs-security-sso-saml MAVEN version =3.1.0, =2.3.3, =2.3.3, =1.3.2, =1.4.0, =1.3.2, =1.4.0, =3.1.0, =3.1.0, =2.0.3, =2.0.3, =5.2.0-RC1, =5.2.0-RC3 Source cves: CVE-2015-5253 Source advisory: OSV:GHSA-3336-H95J-HVVF...
USN-4974-1: Lasso vulnerability
It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls...
DEBIAN-CVE-2019-3878
A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...
keycloak: SAML request parser replaces special strings with system properties
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...
Debian: Security Advisory (DLA-1298-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1298-1 : simplesamlphp security update
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2016-9814 & CVE-2016-9955 An incorrect check of return values in the signature validation utilities allowed an attacker to get invalid signatures accepted as valid i...
Debian DSA-4127-1 : simplesamlphp - security update
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. - CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. - CVE-2017-12869 When using the...