CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10199 – keycloak: CSRF check missing in My Resources functionality in the Account Console
https://notcve.org/view.php?id=CVE-2019-10199
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain. Se detectó que la consola de cuenta de Keycloak, versiones hasta 6.0.1, no realizaba comprobaciones de encabezado adecuadas en algunas peticiones. Un atacante podría usar este fallo para engañar a un usuario autenticado para que realice operaciones por medio de una petición desde un dominio no confiable. It was found that Keycloak's account console did not perform adequate header checks in some requests. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199 https://access.redhat.com/security/cve/CVE-2019-10199 https://bugzilla.redhat.com/show_bug.cgi?id=1729261 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3875 – keycloak: missing signatures validation on CRL used to verify client certificates
https://notcve.org/view.php?id=CVE-2019-3875
A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols ('http' or 'ldap') and hence the caller should verify the signature and possibly the certification path. Keycloak currently doesn't validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle. Se encontró una vulnerabilidad en keycloak versión anterior a 6.0.2. • http://www.securityfocus.com/bid/108748 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875 https://access.redhat.com/security/cve/CVE-2019-3875 https://bugzilla.redhat.com/show_bug.cgi?id=1690628 • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10157 – keycloak: Node.js adapter internal NBF can be manipulated leading to DoS.
https://notcve.org/view.php?id=CVE-2019-10157
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely. Se encontró que el adaptador Node.js de Keycloak antes de la versión 4.8.3 no verificó correctamente el token web recibido del servidor en su cierre de sesión de backchannel. Un atacante con acceso local podría usar esto para construir un token web malicioso que establezca un parámetro NBF que podría impedir el acceso de los usuarios de forma indefinida. It was found that Keycloak's Node.js adapter did not properly verify the web token received from the server in its backchannel logout. • http://www.securityfocus.com/bid/108734 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157 https://access.redhat.com/security/cve/CVE-2019-10157 https://bugzilla.redhat.com/show_bug.cgi?id=1702953 • CWE-287: Improper Authentication CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3868 – keycloak: session hijack using the user access token
https://notcve.org/view.php?id=CVE-2019-3868
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session. Keycloak hasta la versión 6.0.0 permite utilizar el token de usuario final (JWT de token de acceso o id) como cookie de sesión para sesiones de navegador para OIDC. Como resultado, un atacante con acceso al backend del proveedor de servicios podría secuestrar la sesión del navegador del usuario. • http://www.securityfocus.com/bid/108061 https://access.redhat.com/errata/RHSA-2019:1140 https://access.redhat.com/errata/RHSA-2019:2998 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868 https://access.redhat.com/security/cve/CVE-2019-3868 https://bugzilla.redhat.com/show_bug.cgi?id=1679144 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14637 – keycloak: expiration not validated in SAML broker consumer endpoint
https://notcve.org/view.php?id=CVE-2018-14637
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. El endpoint del cliente del bróker SAML en Keycloak en versiones anteriores a la 4.6.0.Final ignora las condiciones de expiración en las aserciones SAML. Un atacante podría explotar esta vulnerabilidad para realizar un ataque de repetición. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637 https://access.redhat.com/security/cve/CVE-2018-14637 https://bugzilla.redhat.com/show_bug.cgi?id=1627851 • CWE-285: Improper Authorization CWE-287: Improper Authentication •