Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2023/10/05 10:37 p.m.4 views

keycloak: Untrusted Certificate Validation

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...

6.5CVSS5.7AI score0.00425EPSS
Exploits0References5
OSV
OSV
added 2023/06/30 8:30 p.m.1 views

GHSA-5CC8-PGP5-7MPM Keycloak Untrusted Certificate Validation vulnerability

A flaw was found in keycloak-core. This flaw considers the scenario when using X509 Client Certificate Authenticatior with the option "Revalidate Client Certificate". A user may be able to choose, if directly connect to keycloak not passing via reverse proxy a specific certificate. If there's a...

6.5CVSS5.8AI score0.00425EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.4 views

keycloak: Untrusted Certificate Validation

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...

6.5CVSS5.7AI score0.00425EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.5 views

keycloak: Untrusted Certificate Validation

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...

6.5CVSS5.7AI score0.00425EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/05/30 2:23 a.m.2 views

SUSE CVE-2023-1664

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...

6.5CVSS6.4AI score0.00425EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/05/26 6:15 p.m.3 views

CVE-2023-1664

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...

6.5CVSS5.8AI score0.00425EPSS
Exploits0References2
Rows per page
Query Builder