Lucene search

5 matches found

OSV
added 2025/02/17 3:32 p.m., 2 views

GHSA-RQ4W-CJRR-H8W8 Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gvgg-2r3r-53x7. This link is maintained to preserve external references. Original Description: A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a...

CVSS 5.4 | AI score 5.7 | EPSS 0.0009
Exploits: 0 | References: 7
CNNVD
added 2025/02/17 12:0 a.m., 1 views

Keycloak Access Control Error Vulnerability

Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an access control error vulnerability that stems from a user-organization domain pattern mismatch in the organization function. An attacker exploiting this vulnerability could be...

CVSS 5.4 | AI score 5.1 | EPSS 0.0009
Exploits: 0 | References: 2
RedHat Linux
added 2023/06/09 7:47 p.m., 2 views

go-restful: Authorization Bypass Through User-Controlled Key

A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...

CVSS 9.3 | AI score 7.3 | EPSS 0.00963
Exploits: 1 | References: 4
RedHat Linux
added 2023/05/18 3:55 p.m., 2 views

go-restful: Authorization Bypass Through User-Controlled Key

A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...

CVSS 9.3 | AI score 7.3 | EPSS 0.00963
Exploits: 1 | References: 4
RedHat Linux
added 2022/08/10 11:39 a.m., 2 views

go-restful: Authorization Bypass Through User-Controlled Key

A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...

CVSS 9.3 | AI score 7.3 | EPSS 0.00963
Exploits: 1 | References: 4