Search for packages
| purl | pkg:maven/org.keycloak/keycloak-saml-core-public@2.2.0.Final |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dxj3-8sk5-mfdy
Aliases: CVE-2022-3916 GHSA-97g8-xfvw-q4hg GMS-2022-8406 |
Insufficient Session Expiration A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. |
Affected by 1 other vulnerability. |
|
VCID-fknh-1j7d-jyeq
Aliases: CVE-2022-1466 GHSA-f32v-vf79-p29q |
Improper authorization in Keycloak Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. |
Affected by 3 other vulnerabilities. |
|
VCID-nhe2-8dtq-gqbf
Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w |
URL Redirection to Untrusted Site ('Open Redirect') A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. |
Affected by 0 other vulnerabilities. |
|
VCID-scdf-8m3d-vqff
Aliases: CVE-2022-1245 GHSA-75p6-52g3-rqc8 GMS-2022-1039 |
Duplicate This advisory duplicates another. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||