Lucene search

K

5 matches found

CVE
CVE
added 2023/08/04 6:15 p.m.308 views

CVE-2023-0264

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue c...

5CVSS4.5AI score0.03942EPSS
Web
CVE
CVE
added 2023/12/14 10:15 p.m.177 views

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomple...

5.4CVSS5.3AI score0.01411EPSS
CVE
CVE
added 2020/09/16 6:15 p.m.129 views

CVE-2020-10748

A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.

6.1CVSS5.3AI score0.00391EPSS
CVE
CVE
added 2019/06/12 2:29 p.m.107 views

CVE-2019-10157

It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefi...

5.5CVSS5.1AI score0.00019EPSS
CVE
CVE
added 2021/05/26 10:15 p.m.81 views

CVE-2020-10695

An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.

7.8CVSS7.6AI score0.00041EPSS