keycloak-auth-utils is vulnerable to privilege escalation attacks. The vulnerability exists because validateGrant() does not properly validate tokens. Attackers can therefore bypass authentication with invalid tokens, gain unauthorized access to restricted information, and possibly launch other attacks.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | keycloak-auth-utils | le | 3.0.0 |