CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2023-6291 – Keycloak: redirect_uri validation bypass
https://notcve.org/view.php?id=CVE-2023-6291
26 Jan 2024 — A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. Se encontró un fallo en la lógica de validación de redirect_uri en Keycloak. Este problema puede permitir la omisión de hosts permitidos explícitamente. • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 1%CPEs: 15EXPL: 1CVE-2023-6134 – Keycloak: reflected xss via wildcard in oidc redirect_uri
https://notcve.org/view.php?id=CVE-2023-6134
14 Dec 2023 — A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748. Se encontró una falla en Keycloak que impide ciertos esquemas en las redirecciones, pero los permite si se agrega un comodín al token. Este problema podría permitir que un atacante envíe... • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 1%CPEs: 15EXPL: 1CVE-2023-6563 – Keycloak: offline session token dos
https://notcve.org/view.php?id=CVE-2023-6563
14 Dec 2023 — An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system. Se descubrió una vulnerab... • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 6%CPEs: 18EXPL: 0CVE-2023-3223 – Undertow: outofmemoryerror due to @multipartconfig handling
https://notcve.org/view.php?id=CVE-2023-3223
08 Aug 2023 — A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. Se encontró una falla en el undertow. • https://access.redhat.com/errata/RHSA-2023:4505 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2023-3089 – Ocp & fips mode
https://notcve.org/view.php?id=CVE-2023-3089
05 Jul 2023 — A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applicati... • https://access.redhat.com/security/cve/CVE-2023-3089 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-521: Weak Password Requirements CWE-693: Protection Mechanism Failure •
CVSS: 9.4EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2585 – Keycloak: client access via device auth request spoof
https://notcve.org/view.php?id=CVE-2023-2585
28 Jun 2023 — Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. La concesión de autorización del dispositivo de Keycloak no valida correctamente el código del dispositivo y la identificación del cliente. Un cliente atacante podría abusar de la val... • https://access.redhat.com/errata/RHSA-2023:3883 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-4361 – RHSSO: XSS due to lax URI scheme validation
https://notcve.org/view.php?id=CVE-2022-4361
28 Jun 2023 — Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can us... • https://bugzilla.redhat.com/show_bug.cgi?id=2151618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-4318 – Cri-o: /etc/passwd tampering privesc
https://notcve.org/view.php?id=CVE-2022-4318
05 Apr 2023 — A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. Se encontró una vulnerabilidad en cri-o. Este problema permite la adición de líneas arbitrarias en /etc/passwd mediante el uso de una variable de entorno especialmente manipulada. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. • https://access.redhat.com/errata/RHSA-2023:1033 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 7.8EPSS: 4%CPEs: 29EXPL: 0CVE-2023-1108 – Undertow: infinite loop in sslconduit during close
https://notcve.org/view.php?id=CVE-2023-1108
10 Mar 2023 — A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. Se encontró una falla en undertow. Este problema hace posible lograr una denegación de servicio debido a un estado de protocolo de enlace inesperado actualizado en SslConduit, donde el bucle nunca termina Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized i... • https://access.redhat.com/errata/RHSA-2023:1184 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 0%CPEs: 29EXPL: 0CVE-2023-0056 – haproxy: segfault DoS
https://notcve.org/view.php?id=CVE-2023-0056
24 Jan 2023 — An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Pla... • https://access.redhat.com/security/cve/CVE-2023-0056 • CWE-400: Uncontrolled Resource Consumption •