Search for packages
| purl | pkg:maven/org.keycloak/keycloak-server-spi-private@3.3.0.CR1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5yyq-kxcg-aaas
Aliases: CVE-2020-27838 GHSA-pcv5-m2wh-66j3 |
Improper Authentication A flaw was found in keycloak The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality. |
Affected by 3 other vulnerabilities. |
|
VCID-6nqn-fym4-aaaq
Aliases: CVE-2020-1697 GHSA-8vf3-4w62-m3pq |
XSS in Keycloak |
Affected by 10 other vulnerabilities. |
|
VCID-7qnt-1wwt-aaap
Aliases: CVE-2022-3916 GHSA-97g8-xfvw-q4hg GMS-2022-8406 |
Keycloak vulnerable to session takeover with OIDC offline refreshtokens |
Affected by 2 other vulnerabilities. |
|
VCID-caef-7bbm-aaaa
Aliases: CVE-2023-2585 GHSA-f5h4-wmp5-xhg6 |
Client Spoofing within the Keycloak Device Authorisation Grant |
Affected by 1 other vulnerability. |
|
VCID-fccp-mqrj-aaaj
Aliases: CVE-2020-14302 |
Authentication Bypass by Capture-replay A flaw was found in Keycloak where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same `state` parameter. This flaw allows a malicious user to perform replay attacks. |
Affected by 3 other vulnerabilities. |
|
VCID-fk8g-8kjz-aaah
Aliases: CVE-2020-1725 GHSA-p225-pc2x-4jpm |
Incorrect Authorization in keycloak |
Affected by 3 other vulnerabilities. |
|
VCID-kfzc-yxas-aaad
Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w |
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted |
Affected by 0 other vulnerabilities. |
|
VCID-ksng-jvwm-aaar
Aliases: CVE-2020-10776 GHSA-484q-784p-8m5h |
Cross-site Scripting in keycloak |
Affected by 9 other vulnerabilities. |
|
VCID-m93w-vwub-aaab
Aliases: CVE-2020-14389 GHSA-c9x9-xv66-xp3v |
Improper privilege management in Keycloak |
Affected by 9 other vulnerabilities. |
|
VCID-q9y4-889z-aaaa
Aliases: CVE-2020-10770 GHSA-jh7q-5mwf-qvhw |
Server-Side Request Forgery (SSRF) A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. |
Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||