Lucene search
K

10 matches found

Snyk
Snyk
added 2026/04/13 12:0 a.m.7 views

Improper Certificate Validation

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Certificate Validation via packed self-attestation in WebAuthn registration. An attacker can bypass...

3.1CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/27 9:30 a.m.9 views

Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1CVSS5.8AI score0.00202EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/02/27 9:30 a.m.5 views

GHSA-7G5X-9C4V-4W5R Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1CVSS5.8AI score0.00202EPSS
Exploits0References11
CVE
CVE
added 2026/02/27 8:10 a.m.44 views

CVE-2025-12150

Keycloak WebAuthn registration component is affected by CVE-2025-12150. An attacker can bypass the realm’s attestation policy by submitting an attestation object with fmt: "none", enabling registration of untrusted/ forged authenticators and weakening authentication integrity. The issue arises de...

3.1CVSS5.8AI score0.00202EPSS
Exploits0References7Affected Software2
Vulnrichment
Vulnrichment
added 2026/02/27 8:10 a.m.3 views

CVE-2025-12150 Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1CVSS5.8AI score0.00202EPSS
Exploits0References7
CVE
CVE
added 2026/01/26 9:28 p.m.14 views

CVE-2026-22696

CVE-2026-22696 concerns the dcap-qvl library used for SGX/TDX quote verification. The issue is a gap in cryptographic verification where QE Identity collateral is fetched from PCCS but the QE Identity signature is not verified against its certificate chain, and QE Report policy checks are not enf...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/11/25 4:6 p.m.3 views

org.keycloak/keycloak-services: WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1CVSS5.7AI score0.00202EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/13 7:30 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.4 Images Security Update

New images are available for Red Hat build of Keycloak 26.4.4 and Red Hat build of Keycloak 26.4.4 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

6.8CVSS5.8AI score0.00432EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/11/13 5:51 p.m.2 views

org.keycloak/keycloak-services: WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1CVSS5.7AI score0.00202EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.7 views

SUSE CVE-2021-26311

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to...

9CVSS7.5AI score0.01683EPSS
Exploits0References3
Rows per page
Query Builder