Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.keycloak/keycloak-model-infinispan@22.0.3
purl pkg:maven/org.keycloak/keycloak-model-infinispan@22.0.3
Next non-vulnerable version 23.0.0
Latest non-vulnerable version 23.0.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-nhe2-8dtq-gqbf
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w
URL Redirection to Untrusted Site ('Open Redirect') A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
23.0.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-gfj3-2set-rycr Cleartext Transmission of Sensitive Information A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. CVE-2023-4918
GHSA-5q66-v53q-pm35

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T21:29:37.517072+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.5.0
2026-04-29T21:18:55.603681+00:00 GitLab Importer Fixing VCID-gfj3-2set-rycr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml 38.5.0
2026-04-16T22:48:49.057744+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.4.0
2026-04-16T22:38:02.730520+00:00 GitLab Importer Fixing VCID-gfj3-2set-rycr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml 38.4.0
2026-04-12T00:08:40.029024+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.3.0
2026-04-11T23:57:22.270179+00:00 GitLab Importer Fixing VCID-gfj3-2set-rycr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml 38.3.0
2026-04-03T00:13:18.293932+00:00 GitLab Importer Affected by VCID-nhe2-8dtq-gqbf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml 38.1.0
2026-04-03T00:00:25.060246+00:00 GitLab Importer Fixing VCID-gfj3-2set-rycr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml 38.1.0
2026-04-01T12:51:48.288146+00:00 GitLab Importer Fixing VCID-gfj3-2set-rycr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml 38.0.0