Lucene search
K

8 matches found

BDU FSTEC
BDU FSTEC
added 2024/07/03 12:0 a.m.7 views

The vulnerability of the OAuth 2.0 authorization mechanism for Pushed Authorization Requests in the software tool for managing identity verification and access in Keycloak allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the OAuth 2.0 Pushed Authorization Request mechanism in the software for managing identity verification and access involves the storage of sensitive data in an open format within a cookie file called KCRESTART. Exploiting this vulnerability could allow an attacker to gain...

7.8CVSS7.1AI score0.00551EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2024/06/10 6:36 p.m.3 views

GHSA-69FP-7C8P-CRJR Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)

A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests PAR. Client provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request. This could lead to an information...

7.5CVSS5.8AI score0.00551EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2024/06/04 12:24 p.m.2 views

SUSE CVE-2024-4540

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS6.2AI score0.00551EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/06/03 9:26 p.m.7 views

keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS5.7AI score0.00551EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/06/03 8:0 p.m.6 views

keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS5.7AI score0.00551EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/06/03 7:48 p.m.6 views

keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS5.7AI score0.00551EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/06/03 7:48 p.m.5 views

keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS5.7AI score0.00551EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/06/03 7:48 p.m.88 views

keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS5.7AI score0.00551EPSS
Exploits0References4
Rows per page
Query Builder