Redhat Keycloak
3 CVEs affecting Redhat Keycloak. Latest disclosed: 2025-07-10. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-12160 | High | 7.2 | 2017-10-26 | It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indef… |
| CVE-2025-7365 | High | 7.1 | 2025-07-10 | A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login… |
| CVE-2023-48795 | Medium | 5.9 | 2023-12-18 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks… |