CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2023-6291 – Keycloak: redirect_uri validation bypass
https://notcve.org/view.php?id=CVE-2023-6291
26 Jan 2024 — A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. Se encontró un fallo en la lógica de validación de redirect_uri en Keycloak. Este problema puede permitir la omisión de hosts permitidos explícitamente. • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.7EPSS: 1%CPEs: 15EXPL: 1CVE-2023-6563 – Keycloak: offline session token dos
https://notcve.org/view.php?id=CVE-2023-6563
14 Dec 2023 — An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system. Se descubrió una vulnerab... • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 6%CPEs: 18EXPL: 0CVE-2023-3223 – Undertow: outofmemoryerror due to @multipartconfig handling
https://notcve.org/view.php?id=CVE-2023-3223
08 Aug 2023 — A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. Se encontró una falla en el undertow. • https://access.redhat.com/errata/RHSA-2023:4505 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2422 – Keycloak: oauth client impersonation
https://notcve.org/view.php?id=CVE-2023-2422
28 Jun 2023 — A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. Se encontró una falla en Keycloak. Un servidor Keycloak configurado para admitir la autenticación mTLS para clientes OAuth/OpenID no verifica correctamente la cadena de certificados del cliente. • https://access.redhat.com/errata/RHSA-2023:3883 • CWE-295: Improper Certificate Validation •
CVSS: 9.4EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2585 – Keycloak: client access via device auth request spoof
https://notcve.org/view.php?id=CVE-2023-2585
28 Jun 2023 — Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. La concesión de autorización del dispositivo de Keycloak no valida correctamente el código del dispositivo y la identificación del cliente. Un cliente atacante podría abusar de la val... • https://access.redhat.com/errata/RHSA-2023:3883 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-4361 – RHSSO: XSS due to lax URI scheme validation
https://notcve.org/view.php?id=CVE-2022-4361
28 Jun 2023 — Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can us... • https://bugzilla.redhat.com/show_bug.cgi?id=2151618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •
CVSS: 7.8EPSS: 4%CPEs: 29EXPL: 0CVE-2023-1108 – Undertow: infinite loop in sslconduit during close
https://notcve.org/view.php?id=CVE-2023-1108
10 Mar 2023 — A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. Se encontró una falla en undertow. Este problema hace posible lograr una denegación de servicio debido a un estado de protocolo de enlace inesperado actualizado en SslConduit, donde el bucle nunca termina Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized i... • https://access.redhat.com/errata/RHSA-2023:1184 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4137 – Keycloak: reflected xss attack
https://notcve.org/view.php?id=CVE-2022-4137
02 Mar 2023 — A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. Se encontró una vulnerabilidad reflejada de scross-site scripting (XSS) en el endpoint de OAuth 'oob' debido a ... • https://access.redhat.com/errata/RHSA-2023:1043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •
CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0CVE-2022-1274 – keycloak: HTML injection in execute-actions-email Admin REST API
https://notcve.org/view.php?id=CVE-2022-1274
02 Mar 2023 — A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.... • https://bugzilla.redhat.com/show_bug.cgi?id=2073157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.0EPSS: 3%CPEs: 14EXPL: 1CVE-2023-0264 – keycloak: user impersonation via stolen uuid code
https://notcve.org/view.php?id=CVE-2023-0264
02 Mar 2023 — A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. Se ha encontrado un fallo en la autenticación de usuarios en OpenID Connect de Keycloak, que podría autenticar incorrectamente las solicitudes. Un atacante... • https://github.com/twwd/CVE-2023-0264 • CWE-287: Improper Authentication CWE-303: Incorrect Implementation of Authentication Algorithm •