VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-server-spi-private@22.0.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-a3d5-nsyp-aaaf Aliases: CVE-2023-4918 GHSA-5q66-v53q-pm35	A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.	22.0.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-a3d5-nsyp-aaaf
Aliases:
CVE-2023-4918
GHSA-5q66-v53q-pm35

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.

22.0.3
Affected by 1 other vulnerability.

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:41.065614+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	36.1.3
2025-06-20T16:42:14.216731+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	None	36.1.3
2025-06-20T16:42:13.805756+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	36.1.3
2025-06-03T23:29:00.596751+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	36.1.0
2025-06-03T23:20:40.968094+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	None	36.1.0
2025-06-03T23:20:40.591308+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	36.1.0
2025-06-02T23:26:40.218392+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	36.1.2
2025-06-02T23:17:51.527899+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	None	36.1.2
2025-06-02T23:17:51.160495+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	36.1.2
2025-04-03T21:52:44.912439+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	36.0.0
2025-04-03T21:33:44.650675+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	None	36.0.0
2025-04-03T21:33:44.205996+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	36.0.0
2025-02-18T03:41:24.194774+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	None	35.1.0
2025-02-18T03:41:24.124977+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	35.1.0
2025-02-18T01:06:40.753390+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	35.1.0
2024-11-21T00:59:37.340871+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	35.0.0
2024-11-20T23:31:22.090152+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	35.0.0
2024-11-19T00:48:14.443995+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.3.2
2024-11-18T23:20:31.588382+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	34.3.2
2024-10-08T01:20:10.603798+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.2
2024-10-08T00:17:39.790226+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	34.0.2
2024-09-23T00:31:37.192632+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	34.0.1
2024-09-17T22:41:32.926775+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.1
2024-04-24T03:58:12.231654+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.0rc4
2024-04-24T03:56:04.591338+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	None	34.0.0rc4
2024-04-24T02:42:36.035823+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml	34.0.0rc4
2024-01-10T06:36:35.568803+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.0rc2
2024-01-10T06:36:34.650786+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	None	34.0.0rc2
2024-01-03T23:23:05.481794+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	None	34.0.0rc1
2024-01-03T18:03:49.803656+00:00	GitLab Importer	Affected by	VCID-a3d5-nsyp-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-4918.yml	34.0.0rc1

2025-06-20T16:51:41.065614+00:00

GitLab Importer

Affected by

VCID-kfzc-yxas-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-server-spi-private/CVE-2023-6291.yml

36.1.3

2025-06-20T16:42:14.216731+00:00

GitLab Importer

Affected by

Next non-vulnerable version	23.0.0
Latest non-vulnerable version	23.0.0
Risk	4.0