16 matches found
org.keycloak:keycloak-saml-adapter-galleon-pack (>=21.1.0 <=26.5.3), org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter (>=21.1.0 <=22.0.4) +28 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-adapter-core (>=1.9.0.CR1 <=26.5.3)
org.keycloak:keycloak-saml-adapter-core MAVEN version =1.9.0.CR1, =21.1.0, =21.1.0, =1.9.0.CR1, =1.9.0.CR1, =1.9.0.CR1, =1.9.0.CR1, =1.9.0.CR1, =1.9.0.CR1, =20.0.0, =20.0.0, =1.9.0.CR1, =20.0.0, =1.9.0.CR1, =20.0.0, =1.9.0.CR1, =1.9.8.Final and more Source cves: CVE-2026-2575 Source advisory:...
EUVD-2024-2954
Malicious code in bioql PyPI...
GHSA-5RXP-2RHR-QWQV Keycloak has session fixation in Elytron SAML adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 22.0.12 Update
New Red Hat build of Keycloak 22.0.12 packages are available from the Customer Portal. This is a security update with Moderate impact rating. Red Hat build of Keycloak 22.0.12 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2024-7341
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...
RHEL 9 : Red Hat Single Sign-On 7.6.10 security update on RHEL 9 (Moderate) (RHSA-2024:6495)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6495 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
PT-2024-38275 · Red Hat · Keycloak Saml Adapters +1
Name of the Vulnerable Software and Affected Versions: Keycloak SAML adapters (affected versions not specified). Description: A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the...