Search for packages
| purl | pkg:maven/org.keycloak/keycloak-services@25.0.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1azf-tnm3-pyh3
Aliases: GHSA-fx44-2wx5-5fvp |
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass |
Affected by 0 other vulnerabilities. |
|
VCID-5hrf-cqc3-b7am
Aliases: GHSA-r934-w73g-v4p8 |
Duplicate Advisory: Keycloak hostname verification |
Affected by 0 other vulnerabilities. |
|
VCID-dk7y-hky5-kbey
Aliases: GHSA-rq4w-cjrr-h8w8 |
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gvgg-2r3r-53x7. This link is maintained to preserve external references. # Original Description A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges. |
Affected by 5 other vulnerabilities. |
|
VCID-e51s-1cpw-qufr
Aliases: CVE-2024-10270 GHSA-wq8x-cg39-8mrr |
org.keycloak:keycloak-services: Keycloak Denial of Service |
Affected by 6 other vulnerabilities. |
|
VCID-gpuj-k3g2-cyga
Aliases: GHSA-j3x3-r585-4qhg |
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity |
Affected by 6 other vulnerabilities. |
|
VCID-ur9z-vd6r-9qcj
Aliases: CVE-2025-2559 GHSA-2935-2wfm-hhpv |
org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak |
Affected by 4 other vulnerabilities. |
|
VCID-w71m-tyt8-dqby
Aliases: CVE-2025-3501 GHSA-hw58-3793-42gg |
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. |
Affected by 0 other vulnerabilities. |
|
VCID-ze83-qhsk-67bh
Aliases: CVE-2025-3910 GHSA-5jfq-x6xp-7rw2 |
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-f19m-zv2h-9fgu | Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec |
CVE-2024-8883
GHSA-vvf8-2h68-9475 |
| VCID-scqu-xf9x-3kff | Vulnerable Redirect URI Validation Results in Open Redirect |
GHSA-w8gr-xwp4-r9f7
|