Page 6 of 70 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. Se ha encontrado un fallo en keycloak-model-infinispan en keycloak versiones anteriores a 14.0.0, donde el mapa authenticationSessions en RootAuthenticationSessionEntity crece ilimitadamente, lo que podría conllevar a un ataque de DoS A flaw was found in keycloak-model-infinispan where the authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly. This issue leads to a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1979638 https://access.redhat.com/security/cve/CVE-2021-3637 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges. Se ha encontrado un fallo en keycloak, tal y como es enviado en Red Hat Single Sign-On versión 7.4, en el que son posibles los ataques de homografía IDN. Un usuario malicioso puede registrarse con un nombre ya registrado y engañar al administrador para que le conceda privilegios adicionales A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=1933320 https://access.redhat.com/security/cve/CVE-2021-3424 • CWE-287: Improper Authentication •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. Se ha encontrado un fallo en keycloak por el que keycloak puede fallar al cerrar la sesión del usuario si la petición de cierre de sesión proviene de un proveedor de identidad SAML externo y el tipo de principal está configurado como atributo [nombre] • https://bugzilla.redhat.com/show_bug.cgi?id=1941565 https://access.redhat.com/security/cve/CVE-2021-3461 • CWE-613: Insufficient Session Expiration •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en Keycloak versión 12.0.0, donde no ocurre la re-autenticación mientras se actualiza la contraseña. Este fallo permite a un atacante apoderarse de una cuenta si puede obtener acceso físico temporal al navegador de un usuario. • https://bugzilla.redhat.com/show_bug.cgi?id=1933639 • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.5EPSS: 11%CPEs: 2EXPL: 1

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en keycloak en versiones anteriores a 13.0.0. El endpoint de registro de clientes permite obtener información sobre clientes PÚBLICOS (como el secreto del cliente) sin autenticación, lo que podría ser un problema si el mismo cliente PÚBLICO cambiara a CONFIDENCIAL más adelante. • https://github.com/Cappricio-Securities/CVE-2020-27838 https://bugzilla.redhat.com/show_bug.cgi?id=1906797 • CWE-287: Improper Authentication •