11 matches found
SUSE CVE-2022-1245
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
keycloak: Privilege escalation vulnerability on Token Exchange
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
keycloak: Privilege escalation vulnerability on Token Exchange
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
keycloak: Privilege escalation vulnerability on Token Exchange
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
GHSA-75P6-52G3-RQC8 Keycloak vulnerable to privilege escalation on Token Exchange feature
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
Keycloak vulnerable to privilege escalation on Token Exchange feature
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
PT-2022-13745 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A privilege escalation flaw was found in the token exchange feature of Keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any...
Session fixation
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie...
Mtp-Target 1.2.2 Client Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13460/info A remote format string vulnerability affects Mtp-Target Client. This issue is due to a failure of the application to securely call a formatted printing function. An attacker may leverage this issue to execute...
Mtp-Target 1.2.2 Client - Remote Format String
Mtp-Target 1.2.2 Client - Remote Format String source: https://www.securityfocus.com/bid/13460/info A remote format string vulnerability affects Mtp-Target Client. This issue is due to a failure of the application to securely call a formatted printing function. An attacker may leverage this issue...
Mtp-Target 1.2.2 Client - Remote Format String
source: https://www.securityfocus.com/bid/13460/info A remote format string vulnerability affects Mtp-Target Client. This issue is due to a failure of the application to securely call a formatted printing function. An attacker may leverage this issue to execute arbitrary code with the privileges ...