Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/07/05 6:55 a.m.12 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.13 views

A grant cannot be removed if the user has already claimed/withdrawn all his tokens beforehand

Lines of code Vulnerability details The revokeGrant is used to removes a grant. Any available vested tokens will be sent to the grant recipient. Any remaining unvested tokens will be sent to the vesting manager. But in the case when the user has already claimed all his tokens, the revokeGrant wil...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/06/23 6:0 p.m.44 views

Possible bypass of token claim validation when OAuth2 Introspection caching is enabled

Impact When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that token will be cached. The problem comes when a second requests to an endpoint that requires the scope bar is made before the cache has...

1AI score
Exploits0References2Affected Software1
Veracode
Veracode
added 2021/06/23 4:48 a.m.20 views

Insecure Token Validation

github.com/ory/oathkeeper is using an insecure token validation. It bypasses token claim validation once a token is in the cache. The vulnerability exists only when caching is not disabled...

7.5CVSS1.8AI score0.01298EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder