Search for packages
| purl | pkg:maven/org.keycloak/keycloak-core@26.0.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-u2dq-vdqf-jbez
Aliases: CVE-2024-10039 GHSA-93ww-43rr-79v3 |
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism. |
Affected by 1 other vulnerability. |
|
VCID-xf12-zevt-8qha
Aliases: CVE-2024-4028 GHSA-q4xq-445g-g6ch |
Keycloak allows cross-site scripting (XSS) A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T12:11:29.760794+00:00 | GitLab Importer | Affected by | VCID-xf12-zevt-8qha | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-4028.yml | 37.0.0 |
| 2025-08-01T12:04:37.892266+00:00 | GitLab Importer | Affected by | VCID-u2dq-vdqf-jbez | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-10039.yml | 37.0.0 |