Package details: pkg:maven/org.keycloak/keycloak-model-infinispan@2.2.1.Final
purl pkg:maven/org.keycloak/keycloak-model-infinispan@2.2.1.Final
Next non-vulnerable version 23.0.0
Latest non-vulnerable version 23.0.0
Risk 4.0
Vulnerabilities affecting this package (4)
VCID-4wpu-jga7-9fer
Aliases: CVE-2019-14832, GHSA-8prc-58j4-m55q
Summary: Keycloak Unauthenticated Access. A flaw was found in the Keycloak REST API before version 8.0.0, implemented in Keycloak before 7.0.1 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
Fixed by: 7.0.1. Affected by 3 other vulnerabilities.

VCID-dxj3-8sk5-mfdy
Aliases: CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
Summary: Insufficient Session Expiration. A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
Fixed by: 20.0.2. Affected by 1 other vulnerability.

VCID-nhe2-8dtq-gqbf
Aliases: CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
Summary: URL Redirection to Untrusted Site ('Open Redirect'). A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
Fixed by: 23.0.0. Affected by 0 other vulnerabilities.

VCID-xdfe-9zr4-47ax
Aliases: CVE-2021-3637, GHSA-2vp8-jv5v-6qh6
Summary: Allocation of Resources Without Limits or Throttling. A flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
Fixed by: 14.0.0. Affected by 2 other vulnerabilities.

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:48:48.723183+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.4.0
2026-04-16T22:38:59.489434+00:00 GitLab Importer Affected by VCID-dxj3-8sk5-mfdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2022-3916.yml 38.4.0
2026-04-16T21:55:52.190677+00:00 GitLab Importer Affected by VCID-4wpu-jga7-9fer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2019-14832.yml 38.4.0
2026-04-16T21:27:17.418128+00:00 GitLab Importer Affected by VCID-xdfe-9zr4-47ax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2021-3637.yml 38.4.0
2026-04-12T00:08:39.650775+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.3.0
2026-04-11T23:58:25.904496+00:00 GitLab Importer Affected by VCID-dxj3-8sk5-mfdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2022-3916.yml 38.3.0
2026-04-11T23:11:15.521620+00:00 GitLab Importer Affected by VCID-4wpu-jga7-9fer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2019-14832.yml 38.3.0
2026-04-11T22:40:13.342091+00:00 GitLab Importer Affected by VCID-xdfe-9zr4-47ax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2021-3637.yml 38.3.0
2026-04-03T00:13:17.912174+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.1.0
2026-04-03T00:01:28.625592+00:00 GitLab Importer Affected by VCID-dxj3-8sk5-mfdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2022-3916.yml 38.1.0
2026-04-02T23:19:44.197842+00:00 GitLab Importer Affected by VCID-4wpu-jga7-9fer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2019-14832.yml 38.1.0
2026-04-02T22:50:44.688733+00:00 GitLab Importer Affected by VCID-xdfe-9zr4-47ax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2021-3637.yml 38.1.0
2026-04-01T17:40:15.772924+00:00 GitLab Importer Affected by VCID-4wpu-jga7-9fer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2019-14832.yml 38.0.0
2026-04-01T17:08:43.358008+00:00 GitLab Importer Affected by VCID-xdfe-9zr4-47ax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2021-3637.yml 38.0.0