Search for packages
| purl | pkg:maven/org.keycloak/keycloak-saml-core-public@22.0.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gfj3-2set-rycr
Aliases: CVE-2023-4918 GHSA-5q66-v53q-pm35 |
Cleartext Transmission of Sensitive Information A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. |
Affected by 1 other vulnerability. |
|
VCID-nhe2-8dtq-gqbf
Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w |
URL Redirection to Untrusted Site ('Open Redirect') A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||