Single Sign-on@7.4 Security Vulnerabilities and Issues — Single Sign-on@7.4 CVE List

Lucene search

RedhatSingle Sign-on7.4

4 matches found

CVE•added 2021/05/28 11:15 a.m.•153 views

CVE-2020-27826

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.

4.9CVSS3.9AI score0.00166EPSS

CVE•added 2020/09/16 4:15 p.m.•101 views

CVE-2020-10758

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

7.5CVSS7.2AI score0.00529EPSS

CVE•added 2021/06/01 7:15 p.m.•100 views

CVE-2021-3424

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.

5.3CVSS5.2AI score0.00164EPSS

CVE•added 2022/04/01 11:15 p.m.•85 views

CVE-2021-3461

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].

7.1CVSS6.6AI score0.00052EPSS