CVE-2023-0091 – keycloak: Client Registration endpoint does not check token revocation
https://notcve.org/view.php?id=CVE-2023-0091
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
References: https://access.redhat.com/security/cve/CVE-2023-0091 • https://bugzilla.redhat.com/show_bug.cgi?id=2158585
Weaknesses: CWE-20: Improper Input Validation • CWE-863: Incorrect Authorization
CVE-2022-3782 – keycloak: path traversal via double URL encoding
https://notcve.org/view.php?id=CVE-2022-3782
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request that bypasses validation and accesses other URLs and potentially sensitive information within the domain, or possibly conducts further attacks. This flaw affects any client that uses a wildcard in the Valid Redirect URIs field.
References: https://access.redhat.com/security/cve/CVE-2022-3782 • https://bugzilla.redhat.com/show_bug.cgi?id=2138971
Weaknesses: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-3916 – Keycloak: session takeover with oidc offline refreshtokens
https://notcve.org/view.php?id=CVE-2022-3916
A flaw was found in the offline_access scope in Keycloak. This issue affects users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation and the reuse of session IDs across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when using the refresh token, they will be issued a token for the original user.
References: https://access.redhat.com/errata/RHSA-2022:8961 • https://access.redhat.com/errata/RHSA-2022:8962 • https://access.redhat.com/errata/RHSA-2022:8963 • https://access.redhat.com/errata/RHSA-2022:8964 • https://access.redhat.com/errata/RHSA-2022:8965 • https://access.redhat.com/errata/RHSA-2023:1043 • https://access.redhat.com/errata/RHSA-2023:1044 • https://access.redhat.com/errata/RHSA-2023:1045 • https://access.redhat.com/errata/RHSA-2023:1047 • https://access.redhat.com/errata/RHSA
Weaknesses: CWE-384: Session Fixation • CWE-613: Insufficient Session Expiration
CVE-2022-0225 – keycloak: Stored XSS in groups dropdown
https://notcve.org/view.php?id=CVE-2022-0225
A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2040268 • https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m • https://access.redhat.com/security/cve/CVE-2022-0225
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3754
https://notcve.org/view.php?id=CVE-2021-3754
A flaw was found in Keycloak where an attacker is able to register with a username identical to the email address of any existing user. This may interfere with delivery of the password recovery email if that user forgets their password.
References: https://github.com/7Ragnarok7/CVE-2021-3754 • https://access.redhat.com/security/cve/CVE-2021-3754 • https://bugzilla.redhat.com/show_bug.cgi?id=1999196
Weaknesses: CWE-20: Improper Input Validation