18 matches found

Snyk
added 2026/03/27 1:23 a.m., 4 views

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

CVSS 7.8, AI score 5.9, EPSS 0.00062
Exploits 0, References 3

Snyk
added 2026/03/27 1:23 a.m., 1 view

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

CVSS 7.8, AI score 5.9, EPSS 0.00062
Exploits 0, References 3

EUVD
added 2026/02/27 9:30 a.m., 6 views

EUVD-2025-208135

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVSS 3.1, AI score 5.8, EPSS 0.00202
Exploits 0, References 8

GitHub Security Blog
added 2026/02/27 9:30 a.m., 9 views

Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVSS 3.1, AI score 5.8, EPSS 0.00202
Exploits 0, References 11, Affected Software 1

NVD
added 2026/02/27 9:16 a.m., 9 views

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVSS 3.1, EPSS 0.00202
Exploits 0, References 7

OSV
added 2026/02/27 9:16 a.m., 6 views

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVSS 3.1, AI score 5.7, EPSS 0.00202
Exploits 0, References 7

ATTACKERKB
added 2026/02/27 8:10 a.m., 3 views

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVSS 3.1, AI score 5.8, EPSS 0.00202
Exploits 0, References 8

Cvelist
added 2026/02/27 8:10 a.m., 22 views

CVE-2025-12150 Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVSS 3.1, EPSS 0.00202
Exploits 0, References 7

Positive Technologies
added 2026/02/27 12:0 a.m., 11 views

PT-2026-22313

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVSS 3.1, AI score 5.8, EPSS 0.00202
Exploits 0, References 8

RedHat Linux
added 2025/11/13 5:51 p.m., 2 views

org.keycloak/keycloak-services: WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVSS 3.1, AI score 5.7, EPSS 0.00202
Exploits 0, References 5

Tenable Nessus
added 2025/10/14 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-61779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to...

CVSS 8.7, AI score 5.5, EPSS 0.00321
Exploits 0, References 2

NVD
added 2025/10/09 9:15 p.m., 4 views

CVE-2025-61779

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...

CVSS 8.7, EPSS 0.00321
Exploits 0, References 3

EUVD
added 2025/10/09 8:53 p.m., 5 views

EUVD-2025-33556

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...

CVSS 8.7, AI score 6.2, EPSS 0.00321
Exploits 0, References 3

OSV
added 2025/10/09 8:53 p.m., 5 views

CVE-2025-61779 Trustee's attestation-policy endpoint is not protected by admin authentication

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...

CVSS 8.7, AI score 6.7, EPSS 0.00321
Exploits 0, References 5

CVE
added 2025/10/09 8:53 p.m., 22 views

CVE-2025-61779

The CVE-2025-61779 issue affects Confidential Containers' Trustee project. In versions before 0.15.0, the attestation-policy endpoint did not verify that the kbs-client submitting a request was actually authenticated, allowing an unauthenticated client to change the attestation policy. The vulner...

CVSS 8.7, AI score 6.3, EPSS 0.00321
Exploits 0, References 3

Vulnrichment
added 2025/10/09 8:53 p.m., 5 views

CVE-2025-61779 Trustee's attestation-policy endpoint is not protected by admin authentication

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...

CVSS 8.7, AI score 6.3, EPSS 0.00321
Exploits 0, References 3

Cvelist
added 2025/10/09 8:53 p.m., 9 views

CVE-2025-61779 Trustee's attestation-policy endpoint is not protected by admin authentication

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...

CVSS 8.7, EPSS 0.00321
Exploits 0, References 3

Positive Technologies
added 2025/10/09 12:0 a.m., 8 views

PT-2025-41491

Name of the Vulnerable Software and Affected Versions: Confidential Containers Trustee versions prior to 0.15.0. Description: The Confidential Containers Trustee project, which includes tools for attesting confidential guests and providing secrets, had a flaw in the attestation-policy endpoint. Befo...

CVSS 8.7, AI score 6.8, EPSS 0.00321
Exploits 0, References 5