CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-8883 – Keycloak: vulnerable redirect uri validation results in open redirec
https://notcve.org/view.php?id=CVE-2024-8883
19 Sep 2024 — A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking. • https://access.redhat.com/security/cve/CVE-2024-8883 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 1CVE-2024-8698 – Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak
https://notcve.org/view.php?id=CVE-2024-8698
19 Sep 2024 — A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks. • https://github.com/huydoppaz/CVE-2024-8698-POC • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-7341 – Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
https://notcve.org/view.php?id=CVE-2024-7341
09 Sep 2024 — A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. • https://access.redhat.com/errata/RHSA-2024:6493 • CWE-384: Session Fixation •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-4629 – Keycloak: potential bypass of brute force protection
https://notcve.org/view.php?id=CVE-2024-4629
03 Sep 2024 — A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems. • https://access.redhat.com/security/cve/CVE-2024-4629 • CWE-837: Improper Enforcement of a Single, Unique Action •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-5967 – Keycloak: leak of configured ldap bind credentials through the keycloak admin console
https://notcve.org/view.php?id=CVE-2024-5967
18 Jun 2024 — A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who h... • https://access.redhat.com/security/cve/CVE-2024-5967 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-4540 – Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie
https://notcve.org/view.php?id=CVE-2024-4540
03 Jun 2024 — A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. Se encontró una falla en Keycloak en las solicitudes de autorización push (PAR) de OAuth 2.0. Se descubrió que los parámetros proporcionados por el cliente estaban incluidos en texto pl... • https://access.redhat.com/errata/RHSA-2024:3566 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-6544 – Keycloak: authorization bypass
https://notcve.org/view.php?id=CVE-2023-6544
25 Apr 2024 — A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized. Se encontró una falla en el paquete Keycloak. Este problema se produce debido a una expresión regular permisiva codificada para el filtrado q... • https://access.redhat.com/errata/RHSA-2024:1860 • CWE-625: Permissive Regular Expression •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-6484 – Keycloak: log injection during webauthn authentication or registration
https://notcve.org/view.php?id=CVE-2023-6484
17 Apr 2024 — A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity. Se encontró una falla de inyección de registros en Keycloak. Se puede inyectar una cadena de texto a través del formulario de autenticación cuando se utiliza el modo de autenticación WebAuthn. • https://access.redhat.com/errata/RHSA-2024:0798 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2024-1249 – Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos
https://notcve.org/view.php?id=CVE-2024-1249
17 Apr 2024 — A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages. Se encontró una falla en el componente OIDC de Keycloak en "checkLoginIframe", que permite mensajes de origen cruzado no validados. Esta falla permite a los atacantes coordinar y ... • https://access.redhat.com/errata/RHSA-2024:1860 • CWE-346: Origin Validation Error •
CVSS: 9.4EPSS: 0%CPEs: 21EXPL: 0CVE-2024-1132 – Keycloak: path transversal in redirection validation
https://notcve.org/view.php?id=CVE-2024-1132
17 Apr 2024 — A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL. Se encontró una falla en Keycloak, donde no valida correctamente las URL incluidas en una ... • https://access.redhat.com/errata/RHSA-2024:1860 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •