13 matches found
Replay Attack
Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Replay Attack through the RequiredActionFactory and required-action implementations in the...
Replay Attack
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Replay Attack through the RequiredActionFactory and required-action implementations in the authentication flo...
CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
Design/Logic Flaw
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
CVE-2022-1274
CVE-2022-1274 is referenced in Red Hat advisories RHSA-2023-1043/1044 as a fix for Red Hat Single Sign-On 7.6.2 on RHEL 7/8/9. The vulnerability is linked to Keycloak’s execute-actions-email flow, with the cited issue being a missing email notification template allowlist that can enable an XSS-li...
keycloak: HTML injection in execute-actions-email Admin REST API
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
keycloak: HTML injection in execute-actions-email Admin REST API
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
keycloak: HTML injection in execute-actions-email Admin REST API
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
keycloak: HTML injection in execute-actions-email Admin REST API
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
GHSA-M4FV-GM5M-4725 HTML Injection in Keycloak Admin REST API
The execute-actions-email endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users...
CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
PT-2023-5052 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in the "execute-actions-email" endpoint of Keycloak, allowing arbitrary HTML to be injected into emails sent to Keycloak users. This issue can be misused to perform phishi...