Search for packages
| purl | pkg:maven/org.keycloak/keycloak-saml-core@3.4.2.Final |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8zrg-f41g-pqfk
Aliases: CVE-2021-3827 GHSA-4pc7-vqv5-5r3v GMS-2022-1098 |
ECP SAML binding bypasses authentication flows ### Description A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. |
Affected by 3 other vulnerabilities. |
|
VCID-qcj1-m1ga-9qh1
Aliases: GHSA-4xx7-2cx3-x473 |
Duplicate Advisory: Keycloak SAML signature validation flaw # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xgfv-xpx8-qhcr. This link is maintained to preserve external references. # Original Description A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks. |
Affected by 1 other vulnerability. |
|
VCID-xd7x-aevv-cfcp
Aliases: CVE-2026-2575 GHSA-xv6h-r36f-3gp5 |
Keycloak: Denial of Service due to excessive SAMLRequest decompression A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service. |
Affected by 0 other vulnerabilities. |
|
VCID-z76m-nbap-v7ab
Aliases: CVE-2024-8698 GHSA-xgfv-xpx8-qhcr |
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||