VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-model-jpa@22.0.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a3d5-nsyp-aaaf	A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.	CVE-2023-4918 GHSA-5q66-v53q-pm35

Vulnerability

Summary

Aliases

VCID-a3d5-nsyp-aaaf

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.

CVE-2023-4918
GHSA-5q66-v53q-pm35

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:41.399083+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.3
2025-06-20T16:42:07.032623+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	36.1.3
2025-06-20T16:42:01.684117+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.3
2025-06-03T23:29:00.874915+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.0
2025-06-03T23:20:34.681086+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	36.1.0
2025-06-03T23:20:29.492754+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.0
2025-06-02T23:26:40.557449+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.2
2025-06-02T23:17:44.304184+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	36.1.2
2025-06-02T23:17:39.061393+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.2
2025-04-03T21:52:45.826561+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.0.0
2025-04-03T21:33:36.275053+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	36.0.0
2025-04-03T21:33:27.246508+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.0.0
2025-02-18T03:41:23.841758+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	35.1.0
2025-02-18T03:41:23.613811+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	35.1.0
2025-02-18T01:06:38.078943+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	35.1.0
2024-11-21T00:59:38.378954+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	35.0.0
2024-11-20T23:31:17.317610+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	35.0.0
2024-11-19T00:48:15.418265+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	34.3.2
2024-11-18T23:20:26.922977+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.3.2
2024-10-08T01:20:11.068950+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	34.0.2
2024-10-08T00:17:34.564306+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.2
2024-09-23T00:31:32.723461+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.1
2024-09-17T22:41:41.928496+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	34.0.1
2024-04-24T03:56:04.279999+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc4
2024-04-24T03:56:03.949749+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	34.0.0rc4
2024-04-24T02:42:35.381005+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.0rc4
2024-01-10T06:36:34.337940+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc2
2024-01-10T06:36:34.025793+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	34.0.0rc2
2024-01-03T23:23:05.178608+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc1
2024-01-03T18:03:55.059994+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-4918.yml	34.0.0rc1

2025-06-20T16:51:41.399083+00:00

GitLab Importer

Affected by

VCID-kfzc-yxas-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml

36.1.3

2025-06-20T16:42:07.032623+00:00

GitLab Importer

Fixing

Next non-vulnerable version	23.0.0
Latest non-vulnerable version	23.0.0
Risk	4.0