VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-saml-core-public@22.0.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a3d5-nsyp-aaaf	A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.	CVE-2023-4918 GHSA-5q66-v53q-pm35

Vulnerability

Summary

Aliases

VCID-a3d5-nsyp-aaaf

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.

CVE-2023-4918
GHSA-5q66-v53q-pm35

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:40.686382+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	36.1.3
2025-06-20T16:42:16.269464+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.3
2025-06-20T16:41:58.830447+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	36.1.3
2025-06-03T23:29:00.240862+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	36.1.0
2025-06-03T23:20:42.777965+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.0
2025-06-03T23:20:26.640029+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	36.1.0
2025-06-02T23:26:39.827316+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	36.1.2
2025-06-02T23:17:53.504898+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.1.2
2025-06-02T23:17:36.487575+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	36.1.2
2025-04-03T21:52:44.058557+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	36.0.0
2025-04-03T21:33:47.065664+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	36.0.0
2025-04-03T21:33:24.745691+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	36.0.0
2025-02-18T03:41:24.514534+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	35.1.0
2025-02-18T03:41:23.981447+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	35.1.0
2025-02-18T01:06:42.942066+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	35.1.0
2024-11-21T00:59:37.260975+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	35.0.0
2024-11-20T23:31:20.529463+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	35.0.0
2024-11-19T00:48:14.372810+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	34.3.2
2024-11-18T23:20:30.031453+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	34.3.2
2024-10-08T01:20:10.532856+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	34.0.2
2024-10-08T00:17:38.251651+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	34.0.2
2024-09-23T00:31:35.708143+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	34.0.1
2024-09-17T22:41:34.951067+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	34.0.1
2024-04-24T03:56:04.805720+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc4
2024-04-24T03:56:04.699704+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	34.0.0rc4
2024-04-24T02:42:37.478955+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml	34.0.0rc4
2024-01-10T06:36:34.858205+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc2
2024-01-10T06:36:34.756980+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	34.0.0rc2
2024-01-03T23:23:05.689240+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	None	34.0.0rc1
2024-01-03T18:03:50.877448+00:00	GitLab Importer	Fixing	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-4918.yml	34.0.0rc1

2025-06-20T16:51:40.686382+00:00

GitLab Importer

Affected by

VCID-kfzc-yxas-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-saml-core-public/CVE-2023-6291.yml

36.1.3

2025-06-20T16:42:16.269464+00:00

GitLab Importer

Fixing

Next non-vulnerable version	23.0.0
Latest non-vulnerable version	23.0.0
Risk	4.0