Search for packages
Package details: pkg:maven/org.keycloak/keycloak-parent@22.0.3
purl pkg:maven/org.keycloak/keycloak-parent@22.0.3
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-1m3m-ay28-aaag
Aliases:
CVE-2019-14910
GHSA-jf86-9434-f8c2
Improper Authentication A vulnerability was found in keycloak, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. There are no reported fixed by versions.
VCID-dgpm-z9v1-aaak
Aliases:
CVE-2023-6927
GHSA-3p75-q5cc-qmj7
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
23.0.4
Affected by 1 other vulnerability.
VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
23.0.0
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-a3d5-nsyp-aaaf A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. CVE-2023-4918
GHSA-5q66-v53q-pm35

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:51:38.408359+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 36.1.3
2025-06-20T16:50:11.825025+00:00 GitLab Importer Affected by VCID-dgpm-z9v1-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml 36.1.3
2025-06-20T16:42:19.802631+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf None 36.1.3
2025-06-20T16:42:02.001855+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 36.1.3
2025-06-20T15:52:02.899672+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag None 36.1.3
2025-06-20T15:48:14.003286+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 36.1.3
2025-06-03T23:28:58.073204+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 36.1.0
2025-06-03T23:27:41.148697+00:00 GitLab Importer Affected by VCID-dgpm-z9v1-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml 36.1.0
2025-06-03T23:20:45.959512+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf None 36.1.0
2025-06-03T23:20:29.780961+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 36.1.0
2025-06-03T22:32:56.922990+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag None 36.1.0
2025-06-03T22:29:16.077279+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 36.1.0
2025-06-02T23:26:37.530852+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 36.1.2
2025-06-02T23:25:17.064845+00:00 GitLab Importer Affected by VCID-dgpm-z9v1-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml 36.1.2
2025-06-02T23:17:56.885518+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf None 36.1.2
2025-06-02T23:17:39.359453+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 36.1.2
2025-06-02T22:21:34.298487+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag None 36.1.2
2025-06-02T22:17:40.502796+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 36.1.2
2025-04-03T21:52:38.209640+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 36.0.0
2025-04-03T21:49:49.431929+00:00 GitLab Importer Affected by VCID-dgpm-z9v1-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml 36.0.0
2025-04-03T21:33:54.081992+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf None 36.0.0
2025-04-03T21:33:27.469522+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 36.0.0
2025-04-03T19:56:44.590505+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag None 36.0.0
2025-04-03T19:51:31.502338+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 36.0.0
2025-02-18T06:41:23.810794+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 35.1.0
2025-02-18T06:41:23.279872+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag None 35.1.0
2025-02-18T03:41:24.583809+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 35.1.0
2025-02-18T03:41:23.914204+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf None 35.1.0
2025-02-18T01:07:44.687690+00:00 GitLab Importer Affected by VCID-dgpm-z9v1-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml 35.1.0
2025-02-18T01:06:42.291175+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 35.1.0
2024-11-21T02:37:25.666422+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 35.0.0
2024-11-21T00:59:38.207156+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 35.0.0
2024-11-20T23:31:19.867353+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 35.0.0
2024-11-19T02:27:33.550543+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 34.3.2
2024-11-19T00:48:15.257114+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 34.3.2
2024-11-18T23:20:29.373311+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 34.3.2
2024-10-08T03:02:25.707689+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 34.0.2
2024-10-08T01:20:10.902066+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 34.0.2
2024-10-08T00:17:37.576712+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 34.0.2
2024-10-07T21:53:13.585392+00:00 GHSA Importer Affected by VCID-dgpm-z9v1-aaak https://github.com/advisories/GHSA-3p75-q5cc-qmj7 34.0.2
2024-09-23T02:52:17.188138+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 34.0.1
2024-09-23T00:31:35.068724+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 34.0.1
2024-09-22T22:22:28.811925+00:00 GHSA Importer Affected by VCID-dgpm-z9v1-aaak https://github.com/advisories/GHSA-3p75-q5cc-qmj7 34.0.1
2024-09-17T22:41:35.839056+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 34.0.1
2024-05-17T21:08:30.624453+00:00 GHSA Importer Affected by VCID-dgpm-z9v1-aaak https://github.com/advisories/GHSA-3p75-q5cc-qmj7 34.0.0rc4
2024-04-24T05:31:11.722711+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 34.0.0rc4
2024-04-24T05:31:11.285481+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag None 34.0.0rc4
2024-04-24T03:56:04.913299+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 34.0.0rc4
2024-04-24T03:56:04.386978+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf None 34.0.0rc4
2024-04-24T02:42:39.406461+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml 34.0.0rc4
2024-04-23T19:34:52.504175+00:00 GHSA Importer Affected by VCID-1m3m-ay28-aaag None 34.0.0rc4
2024-01-10T08:03:09.046890+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 34.0.0rc2
2024-01-10T08:03:08.676400+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag None 34.0.0rc2
2024-01-10T06:36:34.966792+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 34.0.0rc2
2024-01-10T06:36:34.448232+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf None 34.0.0rc2
2024-01-10T03:14:43.755283+00:00 GHSA Importer Affected by VCID-dgpm-z9v1-aaak https://github.com/advisories/GHSA-3p75-q5cc-qmj7 34.0.0rc2
2024-01-09T21:27:45.774554+00:00 GHSA Importer Affected by VCID-1m3m-ay28-aaag None 34.0.0rc2
2024-01-04T00:48:18.111976+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml 34.0.0rc1
2024-01-04T00:48:17.719011+00:00 GitLab Importer Affected by VCID-1m3m-ay28-aaag None 34.0.0rc1
2024-01-03T23:23:05.285217+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf None 34.0.0rc1
2024-01-03T18:03:51.427273+00:00 GitLab Importer Fixing VCID-a3d5-nsyp-aaaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-4918.yml 34.0.0rc1
2024-01-03T16:23:17.849556+00:00 GHSA Importer Affected by VCID-1m3m-ay28-aaag None 34.0.0rc1