org.keycloak:keycloak-parent
Maven package. 25 known CVEs affecting this package.
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.keycloak:keycloak-parent
- CVE-2017-12158: MEDIUM, CVSS 5.4, EG 5.4, fixed in 3.4.0, 2017-10-26
vulnerable: 1.0-alpha-1 ... 3.4.0.CR1 (78 versions)
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
- CVE-2017-12159: HIGH, CVSS 7.5, EG 7.5, fixed in 3.4.0, 2017-10-26
vulnerable: 1.0-alpha-1 ... 3.4.0.CR1 (78 versions)
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attack…
- CVE-2017-12160: HIGH, CVSS 7.2, EG 7.2, fixed in 3.3.0.Final, 2017-10-26
vulnerable: 1.0-alpha-1 ... 3.3.0.CR2 (76 versions)
It was found that Keycloak OAuth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already comp…
- CVE-2018-14655: MEDIUM, CVSS 4.6, EG 5.4, no fixed version listed, 2018-11-13
vulnerable: 4.3.0.Final
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2 and 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary JavaScript code via the 'state' parameter in the authentication URL. This allows an XSS attack upon…
- CVE-2018-14657: HIGH, CVSS 8.1, EG 8.1, fixed in 4.6.0.Final, 2018-11-13
vulnerable: 1.0-alpha-1 ... 4.5.0.Final (93 versions)
A flaw was found in Keycloak 4.2.1.Final and 4.3.0.Final. When TOTP is enabled, an improper implementation of the brute force detection algorithm will not enforce its protection measures.
- CVE-2019-14909: HIGH, CVSS 8.3, EG 8.3, no fixed version listed, 2019-12-04
vulnerable: 7.0.0, 7.0.1
A vulnerability was found in Keycloak 7.x where, when the user federation LDAP bind type is none (LDAP anonymous bind), any password, valid or invalid, will be accepted.
- CVE-2019-14910: CRITICAL, CVSS 9.8, EG 9.8, no fixed version listed, 2019-12-05
vulnerable: 7.0.0, 7.0.1
A vulnerability was found in Keycloak 7.x: when Keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), user authentication succeeds even if invalid password has e…
- CVE-2020-10748: MEDIUM, CVSS 6.1, EG 6.1, fixed in 10.0.2, 2020-09-16
vulnerable: 1.0-alpha-1 ... 9.0.3 (112 versions)
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
- CVE-2020-10758: HIGH, CVSS 7.5, EG 7.5, fixed in 11.0.1, 2020-09-16
vulnerable: 1.0-alpha-1 ... 9.0.3 (114 versions)
A vulnerability was found in Keycloak before 11.0.1 where a DoS attack is possible by sending twenty requests simultaneously to the specified Keycloak server, all with a Content-Length header value that exceeds the actual byte count of the r…
- CVE-2020-14366: MEDIUM, CVSS 6.8, EG 6.8, fixed in 12.0.0, 2020-11-09
vulnerable: 1.0-alpha-1 ... 9.0.3 (117 versions)
A vulnerability was found in Keycloak where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hiera…
- CVE-2020-1694: MEDIUM, CVSS 4.9, EG 4.9, fixed in 10.0.0, 2020-09-16
vulnerable: 1.0-alpha-1 ... 9.0.3 (110 versions)
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
- CVE-2020-1717: LOW, CVSS 2.7, EG 2.7, no fixed version listed, 2021-02-11
vulnerable: 1.0-alpha-1 ... 7.0.1 (104 versions)
A flaw was found in Keycloak 7.0.1. A logged-in user can perform an account email enumeration attack.
- CVE-2020-1718: HIGH, CVSS 7.1, EG 7.1, fixed in 8.0.0, 2020-05-12
vulnerable: 1.0-alpha-1 ... 7.0.1 (104 versions)
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
- CVE-2020-1725: MEDIUM, CVSS 5.4, EG 5.4, fixed in 13.0.0, 2021-01-28
vulnerable: 1.0-alpha-1 ... 9.0.3 (122 versions)
A flaw was found in Keycloak before version 13.0.0. In some scenarios a user still has access to a resource after the role mappings in Keycloak have been changed and the previous access token has expired.
- CVE-2020-1758: MEDIUM, CVSS 5.3, EG 5.3, fixed in 10.0.0, 2020-05-15
vulnerable: 1.0-alpha-1 ... 9.0.3 (110 versions)
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
- CVE-2021-20222: HIGH, CVSS 7.5, EG 7.5, fixed in 12.0.3, 2021-03-23
vulnerable: 10.0.0 ... 9.0.3 (13 versions)
A flaw was found in Keycloak. The new account console in Keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availab…
- CVE-2021-3461: HIGH, CVSS 7.1, EG 7.1, fixed in 14.0.0, 2022-04-01
vulnerable: 1.0-alpha-1 ... 9.0.3 (124 versions)
A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name].
- CVE-2021-3513: HIGH, CVSS 7.5, EG 7.5, fixed in 13.0.0, 2022-08-22
vulnerable: 1.0-alpha-1 ... 9.0.3 (122 versions)
A flaw was found in Keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message being displayed when wrong credentials are entered. The highest threat from this vulnera…
- CVE-2022-2256: LOW, CVSS 3.8, EG 3.8, fixed in 19.0.2, 2022-09-01
vulnerable: 1.0-alpha-1 ... 9.0.3 (140 versions)
A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionali…
- CVE-2022-2668: HIGH, CVSS 7.2, EG 7.2, fixed in 19.0.2, 2022-08-05
vulnerable: 1.0-alpha-1 ... 9.0.3 (140 versions)
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
- CVE-2022-3782: CRITICAL, CVSS 9.1, EG 9.1, fixed in 20.0.2, 2023-01-13
vulnerable: 1.0-alpha-1 ... 9.0.3 (144 versions)
Keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access…
- CVE-2022-3916: MEDIUM, CVSS 6.8, EG 6.8, fixed in 20.0.2, 2023-09-20
vulnerable: 1.0-alpha-1 ... 9.0.3 (144 versions)
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation and the reuse of session IDs across root an…
- CVE-2022-4137: HIGH, CVSS 8.1, EG 8.1, fixed in 20.0.5, 2023-09-25
vulnerable: 1.0-alpha-1 ... 9.0.3 (147 versions)
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a …
- CVE-2026-0707: MEDIUM, CVSS 5.3, EG 5.3, no fixed version listed, 2026-01-08
vulnerable: 1.0-alpha-1 ... 9.0.3 (217 versions)
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case …
- CVE-2026-1518: LOW, CVSS 2.7, EG 2.7, no fixed version listed, 2026-02-02
vulnerable: 1.0-alpha-1 ... 9.0.3 (219 versions)
A flaw was found in Keycloak's CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.