5 matches found

RedhatCVE
added 2020/04/01 1:56 a.m., 23 views

CVE-2017-2582

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

CVSS 6.5 | AI score 4.6 | EPSS 0.00629
Exploits: 0 | References: 1
Veracode
added 2019/01/15 9:19 a.m., 44 views

Information Disclosure

keycloak-saml-core is vulnerable to sensitive information disclosure. The attack exists because SAML messages are being parsed by replacing the string to obtain the attribute values with the system property in the StaxParserUtil class. Therefore, an attacker can just parse the chosen system property nam...

CVSS 6.5 | AI score 6.1 | EPSS 0.00629
Exploits: 0 | References: 22 | Affected Software: 250
OSV
added 2018/10/18 4:49 p.m., 31 views

GHSA-C77R-6F64-478Q keycloak-core discloses system properties

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...

CVSS 6.5 | AI score 6.4 | EPSS 0.00629
Exploits: 0 | References: 2
Github Security Blog
added 2018/10/18 4:49 p.m., 71 views

keycloak-core discloses system properties

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...

CVSS 6.5 | AI score 6.6 | EPSS 0.00629
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2018/07/26 5:29 p.m., 22 views

CVE-2017-2582

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...

CVSS 6.5 | AI score 6.6 | EPSS 0.00629
Exploits: 0 | References: 20