Red hat Keycloak Vulnerabilities

Cookies vulnerability could lead to unauthorized data access or modification

CVE-2024-12397

Red HatCryostat 37.4HIGH

information leakage vulnerability

CVE-2024-4109

Red Hat7.5HIGH

Authorization Code Injection Vulnerability in RH SSO OIDC Adapter

CVE-2024-12369

Red HatRed Hat Build Of Keycloak4.2MEDIUM

Low-Privilege Users Can Access Administrative Functionalities, Risking Data Breaches or System Compromise

CVE-2024-3656

Red Hat📈👾🟡8.1HIGH

Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information

CVE-2024-8883

Red HatRed Hat Build Of Keycloak6.1MEDIUM

Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks

CVE-2024-8698

Red HatRed Hat Build Of Keycloak👾🟡📰7.7HIGH

Undertow ProxyProtocolReadListener Vulnerability

CVE-2024-7885

Red HatRed Hat Build Of Apach...7.5HIGH

Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks

CVE-2024-3653

Red HatRed Hat Jboss Enterpri...5.3MEDIUM

Undertow Vulnerability Leads to Denial of Service Attack

CVE-2024-5971

Red HatRed Hat Build Of Apach...7.5HIGH

Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken

CVE-2024-6162

Red HatEap 8.0.17.5HIGH

LDAP Endpoint Vulnerability Allows Credentials Leakage

CVE-2024-5967

Red HatRed Hat Build Of Keycloak2.7LOW

Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie

CVE-2024-4540

Red HatRed Hat Build Of Keycloak7.5HIGH

Database Logging Vulnerability Exposes User Credentials

CVE-2024-1102

Red HatRed Hat Jboss Enterpri...6.5MEDIUM

Keycloak: log injection during webauthn authentication or registration

CVE-2023-6484

Red HatRed Hat Build Of Keycl...5.3MEDIUM

Keycloak Authentication Bypass Vulnerability

CVE-2023-3597

Red Hat5MEDIUM

Bypass of Redirect URI Validation in Keycloak May Lead to Access Token Theft

CVE-2024-2419

Red HatUpstream7.1HIGH

Millions of Requests in Seconds: Keycloak OIDC Flaw Affects Application Availability

CVE-2024-1249

Red Hat7.4HIGH

Keycloak Flaw Allows Attackers to Bypass Validation and Access Sensitive Information

CVE-2024-1132

Red HatMigration Toolkit For ...8.1HIGH

Quarkus-core: leak of local configuration properties into quarkus applications

CVE-2024-2700

Red HatRed Hat AMQ Streams 2.7.07HIGH

Memory Leak in TLS and SNI Support in Eclipse Vert.x Toolkit Allows Attackers to Trigger JVM Out-of-Memory Error

CVE-2024-1300

Red HatCeq 3.25.4MEDIUM

Memory Leak Vulnerability in Eclipse Vert.x Toolkit

CVE-2024-1023

Red HatCeq 3.26.5MEDIUM

Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service

CVE-2023-5685

Red HatEap 7.4.147.5HIGH

Remote Unauthenticated Attacker Can Block Other Accounts from Logging In

CVE-2024-1722

Red HatKeycloak-core

Undertow Vulnerability Impacts Wildfly-HTTP-Client Server

CVE-2024-1635

Red HatRed Hat Jboss Enterpri...7.5HIGH

Keycloak: redirect_uri validation bypass

CVE-2023-6291

Red HatRed Hat Build Of Keycl...7.1HIGH

Vulnerability Published:

Sort By:

12 December 2024

Cookies vulnerability could lead to unauthorized data access or modification

information leakage vulnerability

9 December 2024

Authorization Code Injection Vulnerability in RH SSO OIDC Adapter

9 October 2024

Low-Privilege Users Can Access Administrative Functionalities, Risking Data Breaches or System Compromise

19 September 2024

Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information

Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks

21 August 2024

Undertow ProxyProtocolReadListener Vulnerability

8 July 2024

Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks

Undertow Vulnerability Leads to Denial of Service Attack

20 June 2024

Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken

18 June 2024

LDAP Endpoint Vulnerability Allows Credentials Leakage

3 June 2024

Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie

25 April 2024

Database Logging Vulnerability Exposes User Credentials

Keycloak: log injection during webauthn authentication or registration

Keycloak Authentication Bypass Vulnerability

17 April 2024

Bypass of Redirect URI Validation in Keycloak May Lead to Access Token Theft

Millions of Requests in Seconds: Keycloak OIDC Flaw Affects Application Availability

Keycloak Flaw Allows Attackers to Bypass Validation and Access Sensitive Information

4 April 2024

Quarkus-core: leak of local configuration properties into quarkus applications

2 April 2024

Memory Leak in TLS and SNI Support in Eclipse Vert.x Toolkit Allows Attackers to Trigger JVM Out-of-Memory Error

27 March 2024

Memory Leak Vulnerability in Eclipse Vert.x Toolkit

22 March 2024

Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service

29 February 2024

Remote Unauthenticated Attacker Can Block Other Accounts from Logging In

19 February 2024

Undertow Vulnerability Impacts Wildfly-HTTP-Client Server

26 January 2024

Keycloak: redirect_uri validation bypass