Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.keycloak/keycloak-model-infinispan@20.0.2
purl pkg:maven/org.keycloak/keycloak-model-infinispan@20.0.2
Next non-vulnerable version 23.0.0
Latest non-vulnerable version 23.0.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-nhe2-8dtq-gqbf
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w
URL Redirection to Untrusted Site ('Open Redirect') A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
23.0.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-dxj3-8sk5-mfdy Insufficient Session Expiration A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. CVE-2022-3916
GHSA-97g8-xfvw-q4hg
GMS-2022-8406

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T21:29:37.473661+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.5.0
2026-04-29T21:19:52.879762+00:00 GitLab Importer Fixing VCID-dxj3-8sk5-mfdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2022-3916.yml 38.5.0
2026-04-16T22:48:49.014934+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.4.0
2026-04-16T22:38:59.786608+00:00 GitLab Importer Fixing VCID-dxj3-8sk5-mfdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2022-3916.yml 38.4.0
2026-04-12T00:08:39.982598+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.3.0
2026-04-11T23:58:26.256357+00:00 GitLab Importer Fixing VCID-dxj3-8sk5-mfdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2022-3916.yml 38.3.0
2026-04-03T00:13:18.236072+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.1.0
2026-04-03T00:01:28.978004+00:00 GitLab Importer Fixing VCID-dxj3-8sk5-mfdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2022-3916.yml 38.1.0
2026-04-01T12:51:50.754685+00:00 GitLab Importer Fixing VCID-dxj3-8sk5-mfdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2022-3916.yml 38.0.0