VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-model-infinispan@22.0.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a3d5-nsyp-aaaf	A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.	CVE-2023-4918 GHSA-5q66-v53q-pm35

Vulnerability

Summary

Aliases

VCID-a3d5-nsyp-aaaf

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.

CVE-2023-4918
GHSA-5q66-v53q-pm35

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:40.440530+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	36.1.3
2025-06-20T16:42:19.865181+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	36.1.3
2025-06-20T16:42:12.060261+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.3
2025-06-03T23:29:00.008504+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	36.1.0
2025-06-03T23:20:46.017394+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	36.1.0
2025-06-03T23:20:39.025713+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.0
2025-06-02T23:26:39.574802+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	36.1.2
2025-06-02T23:17:56.959597+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	36.1.2
2025-06-02T23:17:48.935410+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.2
2025-04-03T21:52:43.387152+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	36.0.0
2025-04-03T21:33:54.260765+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	36.0.0
2025-04-03T21:33:42.571190+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.0.0
2025-02-18T03:41:24.056611+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	35.1.0
2025-02-18T03:41:23.691670+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	35.1.0
2025-02-18T01:06:38.745645+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	35.1.0
2024-11-21T00:59:37.427488+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	35.0.0
2024-11-20T23:31:18.021998+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	35.0.0
2024-11-19T00:48:14.525040+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	34.3.2
2024-11-18T23:20:27.596729+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	34.3.2
2024-10-08T01:20:10.688813+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	34.0.2
2024-10-08T00:17:35.258184+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	34.0.2
2024-09-23T00:31:33.394717+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	34.0.1
2024-09-17T22:41:33.769261+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	34.0.1
2024-04-24T03:56:04.489842+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	34.0.0rc4
2024-04-24T03:56:04.057667+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc4
2024-04-24T02:42:40.183379+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml	34.0.0rc4
2024-01-10T06:36:34.549028+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	34.0.0rc2
2024-01-10T06:36:34.125299+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc2
2024-01-03T23:23:04.958712+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc1
2024-01-03T18:03:50.234851+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-4918.yml	34.0.0rc1

2025-06-20T16:51:40.440530+00:00

GitLab Importer

Affected by

VCID-kfzc-yxas-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-infinispan/CVE-2023-6291.yml

36.1.3

2025-06-20T16:42:19.865181+00:00

GitLab Importer

Fixing

Next non-vulnerable version	23.0.0
Latest non-vulnerable version	23.0.0
Risk	4.0