Search for packages
| purl | pkg:maven/org.keycloak/keycloak-model-infinispan@10.0.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dxj3-8sk5-mfdy
Aliases: CVE-2022-3916 GHSA-97g8-xfvw-q4hg GMS-2022-8406 |
Insufficient Session Expiration A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. |
Affected by 1 other vulnerability. |
|
VCID-nhe2-8dtq-gqbf
Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w |
URL Redirection to Untrusted Site ('Open Redirect') A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. |
Affected by 0 other vulnerabilities. |
|
VCID-xdfe-9zr4-47ax
Aliases: CVE-2021-3637 GHSA-2vp8-jv5v-6qh6 |
Allocation of Resources Without Limits or Throttling A flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||