Redhat.com Keycloak
4 CVEs affecting Redhat.com Keycloak. Latest disclosed: 2023-08-04. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-3782 | Critical | 9.1 | 2023-01-13 | keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker ca… |
| CVE-2023-0105 | Medium | 6.5 | 2023-01-13 | A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow… |
| CVE-2023-0264 | Medium | 5.0 | 2023-08-04 | A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain infor… |
| CVE-2023-0091 | Low | 3.8 | 2023-01-13 | A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker… |