45 matches found
CVE-2026-4630
A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...
CVE-2026-4630
A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...
CVE-2025-14777
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
CVE-2025-14777 Keycloak: keycloak idor in realm client creating/deleting
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
AZL-70174 CVE-2025-59088 affecting package python-kdcproxy 1.0.0-18
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
HTTP Verb Authentication Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Verb Authentication Bypass Scanner', 'Description' = %q This module test for authentication bypass using different HTTP verbs. , 'Author' =...
Fortinet SSL VPN Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet SSL VPN Bruteforce Login Utility', 'Description' = % This module scans for Fortinet SSL VPN web login portals and performs login brute...
CVE-2023-6717 Keycloak: xss via assertion consumer service url in saml post-binding flow
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...
CVE-2023-6717 Keycloak: xss via assertion consumer service url in saml post-binding flow
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...
CVE-2023-6717
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if...
GHSA-JPMX-996V-48FM WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if...
CVE-2023-6236 Eap: oidc app attempting to access the second tenant, the user should be prompted to log
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
CVE-2023-6236
CVE-2023-6236 affects Red Hat JBoss Enterprise Application Platform 8 (OIDC multi-tenant scenario). The root cause is in OidcSessionTokenStore: when deciding whether to reuse a cached token, it must also consider the new provider-url option in addition to realm; without this, an app serving multi...
GHSA-JRF2-H5J6-3RRQ Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Impact First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting ITokens into endpoints was added. All was well until 4.0. Bunkum 4.0 then...
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Impact First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting ITokens into endpoints was added. All was well until 4.0. Bunkum 4.0 then...
CVE-2023-37945
The CVE concerns Jenkins SAML Single Sign On (SSO) Plugin. A missing permission check in HTTP endpoints allows attackers with Overall/Read to download a string representation of the current security realm. Affected versions are 2.1.0 through 2.3.0; 2.3.1 fixes the issue. Impacts are limited to in...
Inadequate Encryption Strength
Firefox is vulnerable to Inadequate Encryption Strength. The vulnerability exists because a call to the bind function may have resulted in the incorrect realm under certain circumstances...
User Impersonation
keycloak-services is vulnerable to User Impersonation. The vulnerability is due to the OpenID Connect user authentication because the session UUID is not properly bound to the user session, allowing an attacker to obtain a certain piece of information from a user request in the same realm and...