Lucene search
K
RedhatSingle Sign On

4 matches found

CVE
CVE
added 2018/03/12 3:0 p.m.118 views

CVE-2017-2585

CVE-2017-2585 affects Red Hat Keycloak before version 2.5.1, where JWS token HMAC verification is implemented in non-constant time, potentially enabling timing attacks. Documents across OSV/GHSA/NVD reiterate this exact flaw for Keycloak; no explicit exploit details or affected version ranges bey...

5.9CVSS5.8AI score0.02053EPSS
CVE
CVE
added 2018/03/12 3:0 p.m.108 views

CVE-2016-8629

CVE-2016-8629 affects Red Hat Keycloak prior to version 2.4.0. The vulnerability is a failure to properly enforce permissions when handling service account user deletion requests sent to the REST server. An attacker with service account authentication could bypass normal permissions and delete us...

6.5CVSS6.5AI score0.01978EPSS
CVE
CVE
added 2017/10/26 5:0 p.m.95 views

CVE-2017-12158

CVE-2017-12158 is corroborated by multiple connected records showing a vulnerability in Keycloak where the admin console accepts a HOST header URL and uses it to resolve web resource locations. This leads to a reflected XSS possibility when an authenticated user visits a malicious server, enablin...

5.4CVSS5.1AI score0.01021EPSS
CVE
CVE
added 2017/10/26 5:0 p.m.95 views

CVE-2017-12159

CVE-2017-12159 maps to a CSRF cookie issue in Keycloak where the anti-CSRF token was not unique per session. This allows an attacker to access a victim’s authenticated session and potentially disclose information or aid further attacks, as documented by GHSA-7FMW-85QM-H22P and related advisories....

7.5CVSS6.9AI score0.02405EPSS