5 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-14559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading...
Improper Enforcement of Behavioral Workflow
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow via the Token Exchange implementation. An attacker can obtain...
Keycloak security vulnerabilities
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from a business logic flaw in the token exchange mechanism. This flaw may lead to the issuance of access and refresh tokens for disabled users,...
CVE-2025-12421 Account Takeover via Code Exchange Endpoint
Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...