
6 matches found

RedHat Linux
added 2026/04/02 1:54 p.m., 5 views

keycloak: Keycloak IDOR in realm client creating/deleting

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

CVSS 6, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 4

Snyk
added 2026/03/11 12:17 a.m., 3 views

Incorrect Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the Keycloak authentication adapter due to missing validation of the azp claim in access tokens...

CVSS 8.8, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 2

Positive Technologies
added 2025/12/16 12:00 a.m., 3 views

PT-2025-51367

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A broken access control issue was identified in Keycloak’s admin API endpoints related to authorization resource management, specifically within the ResourceSetService and...

CVSS 6, AI score 6.2, EPSS 0.00015
Exploits: 0, References: 4

Vulnrichment
added 2025/09/08 12:00 a.m., 1 view

CVE-2025-22956

OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account passwor...

AI score 6.5, EPSS 0.00105
Exploits: 0, References: 1

Positive Technologies
added 2025/09/08 12:00 a.m., 2 views

PT-2025-36466

Name of the Vulnerable Software and Affected Versions: OPSI versions prior to 4.3 Description: OPSI allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret intended to be accessib...

CVSS 9.8, AI score 6.5, EPSS 0.00105
Exploits: 0, References: 8

OSV
added 2023/10/04 11:15 a.m., 8 views

CVE-2023-2422

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...

CVSS 7.1, AI score 5.5, EPSS 0.00323
Exploits: 0, References: 7