VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-server-spi-private@22.0.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a3d5-nsyp-aaaf	A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.	CVE-2023-4918 GHSA-5q66-v53q-pm35

Vulnerability

Summary

Aliases

VCID-a3d5-nsyp-aaaf

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.

CVE-2023-4918
GHSA-5q66-v53q-pm35

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:41.067441+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	36.1.3
2025-06-20T16:42:14.219170+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.3
2025-06-20T16:42:13.808199+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	36.1.3
2025-06-03T23:29:00.598232+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	36.1.0
2025-06-03T23:20:40.969719+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.0
2025-06-03T23:20:40.592976+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	36.1.0
2025-06-02T23:26:40.220211+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	36.1.2
2025-06-02T23:17:51.529612+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.2
2025-06-02T23:17:51.162427+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	36.1.2
2025-04-03T21:52:44.917570+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	36.0.0
2025-04-03T21:33:44.655639+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.0.0
2025-04-03T21:33:44.211565+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	36.0.0
2025-02-18T03:41:24.199671+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	35.1.0
2025-02-18T03:41:24.130008+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	35.1.0
2025-02-18T01:06:40.758124+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	35.1.0
2024-11-21T00:59:37.345864+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	35.0.0
2024-11-20T23:31:22.094972+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	35.0.0
2024-11-19T00:48:14.448848+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.3.2
2024-11-18T23:20:31.593036+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	34.3.2
2024-10-08T01:20:10.608922+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.2
2024-10-08T00:17:39.795264+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	34.0.2
2024-09-23T00:31:37.197406+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	34.0.1
2024-09-17T22:41:32.931696+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.1
2024-04-24T03:58:12.237641+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.0rc4
2024-04-24T03:56:04.596093+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc4
2024-04-24T02:42:36.041056+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	34.0.0rc4
2024-01-10T06:36:35.573744+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.0rc2
2024-01-10T06:36:34.655468+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc2
2024-01-03T23:23:05.486487+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc1
2024-01-03T18:03:49.808767+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.0rc1

2025-06-20T16:51:41.067441+00:00

GitLab Importer

Affected by

VCID-kfzc-yxas-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml

36.1.3

2025-06-20T16:42:14.219170+00:00

GitLab Importer

Fixing

Next non-vulnerable version	23.0.0
Latest non-vulnerable version	23.0.0
Risk	4.0