CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-4361 – RHSSO: XSS due to lax URI scheme validation
https://notcve.org/view.php?id=CVE-2022-4361
28 Jun 2023 — Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can us... • https://bugzilla.redhat.com/show_bug.cgi?id=2151618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1664 – keycloak: Untrusted Certificate Validation
https://notcve.org/view.php?id=CVE-2023-1664
26 May 2023 — A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available".... • https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 4%CPEs: 29EXPL: 0CVE-2023-1108 – Undertow: infinite loop in sslconduit during close
https://notcve.org/view.php?id=CVE-2023-1108
10 Mar 2023 — A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. Se encontró una falla en undertow. Este problema hace posible lograr una denegación de servicio debido a un estado de protocolo de enlace inesperado actualizado en SslConduit, donde el bucle nunca termina Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized i... • https://access.redhat.com/errata/RHSA-2023:1184 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4137 – Keycloak: reflected xss attack
https://notcve.org/view.php?id=CVE-2022-4137
02 Mar 2023 — A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. Se encontró una vulnerabilidad reflejada de scross-site scripting (XSS) en el endpoint de OAuth 'oob' debido a ... • https://access.redhat.com/errata/RHSA-2023:1043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2022-4039 – Rhsso-container-image: unsecured management interface exposed to adjecent network
https://notcve.org/view.php?id=CVE-2022-4039
02 Mar 2023 — A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. Se encontró una falla en Red Hat Single Sign-On para imágenes de contenedores OpenShift, que están configuradas con una interfaz de administración no segura habilitada. Esta falla permite a un atacante u... • https://access.redhat.com/errata/RHSA-2023:1047 • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2237 – Adapter: Open redirect vulnerability in checkSSO
https://notcve.org/view.php?id=CVE-2022-2237
02 Mar 2023 — A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in ... • https://bugzilla.redhat.com/show_bug.cgi?id=2097007 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0CVE-2022-1274 – keycloak: HTML injection in execute-actions-email Admin REST API
https://notcve.org/view.php?id=CVE-2022-1274
02 Mar 2023 — A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.... • https://bugzilla.redhat.com/show_bug.cgi?id=2073157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.0EPSS: 3%CPEs: 14EXPL: 1CVE-2023-0264 – keycloak: user impersonation via stolen uuid code
https://notcve.org/view.php?id=CVE-2023-0264
02 Mar 2023 — A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. Se ha encontrado un fallo en la autenticación de usuarios en OpenID Connect de Keycloak, que podría autenticar incorrectamente las solicitudes. Un atacante... • https://github.com/twwd/CVE-2023-0264 • CWE-287: Improper Authentication CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-4492 – undertow: Server identity in https connection is not checked by the undertow client
https://notcve.org/view.php?id=CVE-2022-4492
23 Feb 2023 — The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. • https://access.redhat.com/security/cve/CVE-2022-4492 • CWE-550: Server-generated Error Message Containing Sensitive Information CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0105 – keycloak: impersonation and lockout possible through incorrect handling of email trust
https://notcve.org/view.php?id=CVE-2023-0105
11 Jan 2023 — A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them. Se encontró una falla en Keycloak. Esta falla permite la suplantación y el bloqueo debido a que la confianza del correo electrónico no se maneja correctamente en Keycloak. • https://access.redhat.com/security/cve/CVE-2023-0105 • CWE-287: Improper Authentication CWE-841: Improper Enforcement of Behavioral Workflow •