VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-parent@20.0.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-1m3m-ay28-aaag Aliases: CVE-2019-14910 GHSA-jf86-9434-f8c2	Improper Authentication A vulnerability was found in keycloak, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.	There are no reported fixed by versions.
VCID-dgpm-z9v1-aaak Aliases: CVE-2023-6927 GHSA-3p75-q5cc-qmj7	A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.	23.0.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1m3m-ay28-aaag
Aliases:
CVE-2019-14910
GHSA-jf86-9434-f8c2

Improper Authentication A vulnerability was found in keycloak, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.

There are no reported fixed by versions.

VCID-dgpm-z9v1-aaak
Aliases:
CVE-2023-6927
GHSA-3p75-q5cc-qmj7

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

23.0.4
Affected by 1 other vulnerability.

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-sjz1-u3j6-aaas	Keycloak Cross-site Scripting on OpenID connect login service	CVE-2022-4137 GHSA-9hhc-pj4w-w5rv GMS-2023-616

Vulnerability

Summary

Aliases

VCID-sjz1-u3j6-aaas

Keycloak Cross-site Scripting on OpenID connect login service

CVE-2022-4137
GHSA-9hhc-pj4w-w5rv
GMS-2023-616

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:38.390143+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	36.1.3
2025-06-20T16:50:11.806651+00:00	GitLab Importer	Affected by	VCID-dgpm-z9v1-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml	36.1.3
2025-06-20T16:23:30.673357+00:00	GitLab Importer	Fixing	VCID-sjz1-u3j6-aaas	None	36.1.3
2025-06-20T15:52:02.881709+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	None	36.1.3
2025-06-20T15:48:13.984594+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	36.1.3
2025-06-03T23:28:58.055210+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	36.1.0
2025-06-03T23:27:41.130707+00:00	GitLab Importer	Affected by	VCID-dgpm-z9v1-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml	36.1.0
2025-06-03T23:03:02.588357+00:00	GitLab Importer	Fixing	VCID-sjz1-u3j6-aaas	None	36.1.0
2025-06-03T22:32:56.908003+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	None	36.1.0
2025-06-03T22:29:16.062169+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	36.1.0
2025-06-02T23:26:37.510713+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	36.1.2
2025-06-02T23:25:17.045445+00:00	GitLab Importer	Affected by	VCID-dgpm-z9v1-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml	36.1.2
2025-06-02T22:59:34.369091+00:00	GitLab Importer	Fixing	VCID-sjz1-u3j6-aaas	None	36.1.2
2025-06-02T22:21:34.279487+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	None	36.1.2
2025-06-02T22:17:40.481109+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	36.1.2
2025-04-03T21:52:38.159515+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	36.0.0
2025-04-03T21:49:49.381950+00:00	GitLab Importer	Affected by	VCID-dgpm-z9v1-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml	36.0.0
2025-04-03T20:54:59.438780+00:00	GitLab Importer	Fixing	VCID-sjz1-u3j6-aaas	None	36.0.0
2025-04-03T19:56:44.541701+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	None	36.0.0
2025-04-03T19:51:31.453775+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	36.0.0
2025-02-18T08:09:44.664624+00:00	GitLab Importer	Fixing	VCID-sjz1-u3j6-aaas	None	35.1.0
2025-02-18T06:41:23.762186+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	35.1.0
2025-02-18T06:41:23.231392+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	None	35.1.0
2025-02-18T01:07:44.639353+00:00	GitLab Importer	Affected by	VCID-dgpm-z9v1-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GHSA-3p75-q5cc-qmj7.yml	35.1.0
2025-02-18T01:06:42.241170+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	35.1.0
2024-11-21T02:37:25.616727+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	35.0.0
2024-11-20T23:31:19.817526+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	35.0.0
2024-11-19T02:27:33.500868+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	34.3.2
2024-11-18T23:20:29.320138+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	34.3.2
2024-10-15T19:04:47.080888+00:00	GithubOSV Importer	Fixing	VCID-sjz1-u3j6-aaas	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-9hhc-pj4w-w5rv/GHSA-9hhc-pj4w-w5rv.json	34.0.2
2024-10-08T03:02:25.657448+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	34.0.2
2024-10-08T00:17:37.525702+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	34.0.2
2024-10-07T21:53:13.535480+00:00	GHSA Importer	Affected by	VCID-dgpm-z9v1-aaak	https://github.com/advisories/GHSA-3p75-q5cc-qmj7	34.0.2
2024-10-07T20:53:55.416642+00:00	GHSA Importer	Fixing	VCID-sjz1-u3j6-aaas	https://github.com/advisories/GHSA-9hhc-pj4w-w5rv	34.0.2
2024-09-23T02:52:17.140083+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	34.0.1
2024-09-23T00:31:35.019432+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	34.0.1
2024-09-22T22:22:28.760651+00:00	GHSA Importer	Affected by	VCID-dgpm-z9v1-aaak	https://github.com/advisories/GHSA-3p75-q5cc-qmj7	34.0.1
2024-09-18T09:24:39.683090+00:00	GithubOSV Importer	Fixing	VCID-sjz1-u3j6-aaas	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-9hhc-pj4w-w5rv/GHSA-9hhc-pj4w-w5rv.json	34.0.1
2024-09-17T22:02:45.589236+00:00	GHSA Importer	Fixing	VCID-sjz1-u3j6-aaas	https://github.com/advisories/GHSA-9hhc-pj4w-w5rv	34.0.1
2024-05-17T21:08:30.574540+00:00	GHSA Importer	Affected by	VCID-dgpm-z9v1-aaak	https://github.com/advisories/GHSA-3p75-q5cc-qmj7	34.0.0rc4
2024-04-24T06:24:56.191697+00:00	GitLab Importer	Fixing	VCID-sjz1-u3j6-aaas	None	34.0.0rc4
2024-04-24T05:31:11.676246+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	34.0.0rc4
2024-04-24T05:31:11.238602+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	None	34.0.0rc4
2024-04-24T02:42:39.351273+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2023-6291.yml	34.0.0rc4
2024-04-23T23:39:07.358198+00:00	GHSA Importer	Fixing	VCID-sjz1-u3j6-aaas	https://github.com/advisories/GHSA-9hhc-pj4w-w5rv	34.0.0rc4
2024-04-23T23:39:05.774156+00:00	GHSA Importer	Fixing	VCID-sjz1-u3j6-aaas	None	34.0.0rc4
2024-04-23T23:16:32.398608+00:00	GithubOSV Importer	Fixing	VCID-sjz1-u3j6-aaas	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-9hhc-pj4w-w5rv/GHSA-9hhc-pj4w-w5rv.json	34.0.0rc4
2024-04-23T19:34:52.457921+00:00	GHSA Importer	Affected by	VCID-1m3m-ay28-aaag	None	34.0.0rc4
2024-01-10T08:53:19.302639+00:00	GitLab Importer	Fixing	VCID-sjz1-u3j6-aaas	None	34.0.0rc2
2024-01-10T08:03:09.005941+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	34.0.0rc2
2024-01-10T08:03:08.630243+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	None	34.0.0rc2
2024-01-10T03:14:43.703307+00:00	GHSA Importer	Affected by	VCID-dgpm-z9v1-aaak	https://github.com/advisories/GHSA-3p75-q5cc-qmj7	34.0.0rc2
2024-01-10T01:40:55.040294+00:00	GHSA Importer	Fixing	VCID-sjz1-u3j6-aaas	https://github.com/advisories/GHSA-9hhc-pj4w-w5rv	34.0.0rc2
2024-01-10T01:40:53.422480+00:00	GHSA Importer	Fixing	VCID-sjz1-u3j6-aaas	None	34.0.0rc2
2024-01-09T21:27:45.725808+00:00	GHSA Importer	Affected by	VCID-1m3m-ay28-aaag	None	34.0.0rc2
2024-01-04T01:38:38.271051+00:00	GitLab Importer	Fixing	VCID-sjz1-u3j6-aaas	None	34.0.0rc1
2024-01-04T00:48:18.065563+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2019-14910.yml	34.0.0rc1
2024-01-04T00:48:17.672983+00:00	GitLab Importer	Affected by	VCID-1m3m-ay28-aaag	None	34.0.0rc1
2024-01-03T17:37:33.690341+00:00	GHSA Importer	Fixing	VCID-sjz1-u3j6-aaas	https://github.com/advisories/GHSA-9hhc-pj4w-w5rv	34.0.0rc1
2024-01-03T16:23:17.803121+00:00	GHSA Importer	Affected by	VCID-1m3m-ay28-aaag	None	34.0.0rc1