15 matches found
EUVD-2020-12574
Malware in sbrugna...
EUVD-2022-1075
Malicious code in bioql PyPI...
CVE-2020-14359
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers via cURL an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...
Design/Logic Flaw
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers via cURL an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...
CVE-2020-14359
CVE-2020-14359 affects all versions of Keycloak Gatekeeper. The vulnerability allows bypass of Gatekeeper authentication when lowercase HTTP headers are used (e.g., via curl), a scenario tolerated by some webservers like Jetty. Impacted component: Gatekeeper in front of a Jetty backend can fail t...
PT-2021-9721 · Red Hat +1 · Keycloak Gatekeeper +1
Name of the Vulnerable Software and Affected Versions: Keycloak Gatekeeper versions all Description: A vulnerability was found in Keycloak Gatekeeper where an attacker can bypass the Gatekeeper by using lower case HTTP headers, for example, via cURL. This issue is particularly problematic when th...
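The entries above describe the bug only as "lower case headers bypass the Gatekeeper" and note that backends such as Jetty accept any spelling of a header name (HTTP field names are case-insensitive). The following Go program is an added illustration of that class of flaw, not code from Keycloak Gatekeeper, whose exact code path is not shown on this page. It assumes a proxy that strips client-supplied identity headers (the names `X-Auth-Userid` and `X-Auth-Email` are invented for the example) before forwarding to a backend that trusts them; the vulnerable version compares header names case-sensitively, the hardened version compares canonical names.

```go
package main

import (
	"fmt"
	"net/textproto"
	"strings"
)

// Header is one name/value pair as it appeared on the wire. Constructed for
// this example; a real Go proxy would get them from net/http, which already
// canonicalises names (that canonicalisation is what the fix makes explicit).
type Header struct{ Name, Value string }

// Identity headers the proxy sets only after it has verified a token. The
// backend trusts them, so any copy sent by the client must be dropped.
// These names are assumptions for the example, not Gatekeeper configuration.
var identityHeaders = []string{"X-Auth-Userid", "X-Auth-Email"}

// stripIdentityVulnerable drops client-supplied identity headers using an
// exact, case-sensitive comparison. "x-auth-userid" is not matched and is
// forwarded unchanged.
func stripIdentityVulnerable(in []Header) []Header {
	var out []Header
	for _, h := range in {
		blocked := false
		for _, name := range identityHeaders {
			if h.Name == name {
				blocked = true
			}
		}
		if !blocked {
			out = append(out, h)
		}
	}
	return out
}

// stripIdentityHardened compares canonical MIME header keys, so every
// spelling of the name is recognised, matching how the backend reads it.
func stripIdentityHardened(in []Header) []Header {
	blocked := map[string]bool{}
	for _, name := range identityHeaders {
		blocked[textproto.CanonicalMIMEHeaderKey(name)] = true
	}
	var out []Header
	for _, h := range in {
		if !blocked[textproto.CanonicalMIMEHeaderKey(h.Name)] {
			out = append(out, h)
		}
	}
	return out
}

// backendUser models a backend such as Jetty: header lookup is
// case-insensitive, so "x-auth-userid" and "X-Auth-Userid" are one header.
func backendUser(hs []Header) string {
	for _, h := range hs {
		if strings.EqualFold(h.Name, "X-Auth-Userid") {
			return h.Value
		}
	}
	return ""
}

func main() {
	// Constructed attacker request, equivalent to:
	//   curl -H 'x-auth-userid: admin' https://app.example/
	req := []Header{{"Host", "app.example"}, {"x-auth-userid", "admin"}}
	fmt.Println("vulnerable proxy, backend sees user:", backendUser(stripIdentityVulnerable(req)))
	fmt.Println("hardened proxy,   backend sees user:", backendUser(stripIdentityHardened(req)))
}
```

The practical check for any proxy-enforced control is the same: send the header with a different casing (and, over HTTP/2, note that names are always lowercase on the wire) and confirm the backend still sees the proxy's value rather than the client's.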
CVE-2020-1723
A flaw was found in Keycloak Gatekeeper Louketo. The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper Louketo: 6.0.1, 7.0.0...
Design/Logic Flaw
A flaw was found in Keycloak Gatekeeper Louketo. The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper Louketo: 6.0.1, 7.0.0...
CVE-2020-1723
Keycloak Gatekeeper (Louketo) suffers a redirect abuse in its logout endpoint. Affected versions are 6.0.1 and 7.0.0, where /oauth/logout?redirect=url can redirect logged-in users to arbitrary pages, enabling phishing risks. The issue is documented across CVE-2020-1723 entries (NVD) and corrobora...
PT-2021-10082 · Red Hat · Keycloak Gatekeeper +1
Name of the Vulnerable Software and Affected Versions: Keycloak Gatekeeper Louketo versions 6.0.1, 7.0.0 Red Hat Mobile Application Platform 4 Description: A flaw was found in the logout endpoint, which can be abused to redirect logged-in users to arbitrary web pages. This issue could be used in...
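The logout flaw above is an open redirect: `/oauth/logout?redirect=url` sends the user wherever the parameter says. The following Go program is an added example, not Gatekeeper's code; it places a minimal reproduction of the flawed behaviour next to a validator that only accepts same-origin paths or an allow-listed host. The allowed host `app.example` and the function names are assumptions for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Hosts the logout endpoint may redirect to. Assumed for this example; a
// real deployment would load them from configuration.
var allowedHosts = map[string]bool{"app.example": true}

// logoutRedirectVulnerable mirrors the flaw described on this page: the
// redirect parameter is used verbatim, so any destination is accepted.
func logoutRedirectVulnerable(param string) string {
	if param == "" {
		return "/"
	}
	return param
}

// safeRedirect returns the target if it is a local path or points at an
// allowed host over http(s); otherwise it returns fallback. It rejects the
// usual open-redirect tricks: absolute URLs to other hosts, protocol-relative
// "//evil", backslash variants, userinfo tricks and non-http schemes.
func safeRedirect(param, fallback string) string {
	if param == "" {
		return fallback
	}
	// Browsers treat "\" like "/" in the authority position; normalise first.
	p := strings.ReplaceAll(param, `\`, "/")
	u, err := url.Parse(p)
	if err != nil {
		return fallback
	}
	switch {
	case u.Scheme == "" && u.Host == "":
		// Relative reference: accept only a single-slash-rooted path.
		if strings.HasPrefix(u.Path, "/") && !strings.HasPrefix(u.Path, "//") {
			return u.String()
		}
		return fallback
	case (u.Scheme == "https" || u.Scheme == "http") && allowedHosts[strings.ToLower(u.Hostname())]:
		// Hostname() ignores userinfo, so "https://app.example@evil/" is not allowed.
		return u.String()
	}
	return fallback
}

func main() {
	// Constructed inputs an attacker might place in ?redirect=
	for _, p := range []string{
		"/account",
		"https://app.example/home",
		"https://evil.example/",
		"//evil.example/x",
		`/\evil.example`,
		"javascript:alert(1)",
		"https://app.example@evil.example/",
	} {
		fmt.Printf("%-36q vulnerable=%-36q safe=%q\n", p, logoutRedirectVulnerable(p), safeRedirect(p, "/"))
	}
}
```

Validating after parsing, rather than with a string prefix check, is what closes the protocol-relative and userinfo cases; a prefix check such as `strings.HasPrefix(param, "/")` alone still accepts `//evil.example`.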
Persistent XSRF on Kubernetes Dashboard using Redhat Keycloak Gatekeeper on Microsoft Azure
tl;dr I found an XSRF in the OAuth implementation of Redhat Keycloak Gatekeeper. This would be a bit worse for people using Gatekeeper to protect their Kubernetes Dashboard, especially in Microsoft Azure. The Issue in Keycloak Gatekeeper Keycloak Gatekeeper is an OpenID Proxy service for Keycloak, ...