3 matches found
GHSA-RX66-HJ7G-28H7 Keycloak: Replay of action tokens via improper handling of single-use entries
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...
keycloak: Keycloak: Replay of action tokens via improper handling of single-use entries
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...
CVE-2026-4325
CVE-2026-4325 involves Keycloak’s SingleUseObjectProvider, a global key-value store, lacking proper type and namespace isolation. The issue allows an attacker to delete arbitrary single-use entries, enabling the replay of consumed action tokens (e.g., password reset links) and potentially leading...