Lucene search
K

18 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.6 views

keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:17 p.m.8 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS0.00519EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 4:17 p.m.6 views

EUVD-2026-39476

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/25 4:17 p.m.7 views

CVE-2026-9083 Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/25 4:17 p.m.32 views

CVE-2026-9083 Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS0.00519EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:17 p.m.7 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/25 4:1 p.m.5 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52505

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A realm administrator with the manage-realm role can probe arbitrary filesystem paths by submitting an arbitrary path as a keystore parameter during the creation of a key provider component...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References8
Snyk
Snyk
added 2026/04/14 3:30 p.m.8 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in select-organization.ftl - shown on the organization selection login page - since the organization.alias value is inserted into an inline JavaScript onclick handler. A user with manage-realm or...

6.9CVSS5.9AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 3:30 p.m.7 views

EUVD-2026-22294

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...

6.9CVSS6AI score0.00226EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 2:54 p.m.33 views

CVE-2026-37980 Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...

6.9CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 2:54 p.m.23 views

CVE-2026-37980

CVE-2026-37980 affects Keycloak, specifically the organization selection login page. The vulnerability arises because the organization.alias is inserted into an inline JavaScript onclick handler, enabling a remote attacker with manage-realm or manage-organizations privileges to trigger a Stored X...

6.9CVSS6AI score0.00226EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 2:54 p.m.6 views

CVE-2026-37980

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...

6.9CVSS6AI score0.00226EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/14 2:47 p.m.4 views

CVE-2026-37980

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...

6.9CVSS6AI score0.00226EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/09 4:0 p.m.15 views

keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

2.7CVSS5.7AI score0.00649EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/09 3:58 p.m.5 views

keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

2.7CVSS5.7AI score0.00649EPSS
Exploits0References4
Veracode
Veracode
added 2024/06/19 5:56 a.m.47 views

Credential Leakage

org.keycloak, keycloak-core is vulnerable to Credential Leakage. The vulnerability is due to a lack of proper validation and enforcement when administrators change the LDAP Connection URL without requiring re-entry of the currently configured LDAP bind credentials. The vulnerability allows an...

2.7CVSS6.5AI score0.00649EPSS
Exploits0References11Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/06/18 12:15 p.m.3 views

CVE-2024-5967

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

2.7CVSS5.7AI score0.00649EPSS
Exploits0References10Affected Software7
Rows per page
Query Builder