3 matches found
apache-airflow-providers-keycloak: Missing OAuth 2.0 State and PKCE Enables Login CSRF and Session Fixation
The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...
CVE-2026-40948
The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: harbor-cli, hubble, rancher-loglevel, grafana-pyroscope, scorecard, opentelemetry-collector-contrib, nri-kubernetes, kuberlr, hello-world-golang, kubernetes-csi-external-resizer, secrets-store-csi-driver-provider-aws, task, hugo-extended, nri-apache, portieris,...