Search for packages
| purl | pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@22.0.2 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-a3d5-nsyp-aaaf
Aliases: CVE-2023-4918 GHSA-5q66-v53q-pm35 |
A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-17T22:41:34.386254+00:00 | GitLab Importer | Affected by | VCID-a3d5-nsyp-aaaf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2023-4918.yml | 34.0.1 |
| 2024-01-03T18:03:50.572932+00:00 | GitLab Importer | Affected by | VCID-a3d5-nsyp-aaaf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-wildfly-server-subsystem/CVE-2023-4918.yml | 34.0.0rc1 |