Red Hat Keycloak Vulnerabilities

Red%20hat Keycloak vulnerabilities.

25 March 2025

OutOfMemoryError Vulnerability in Keycloak Authentication with JWT Tokens
CVE-2025-2559
Red HatRed Hat Build Of Keycloak4.9MEDIUM

22 October 2024

Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible
CVE-2024-10234
Red Hat7.3HIGH

19 September 2024

Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information
CVE-2024-8883
Red HatRed Hat Build Of Keycloak6.1MEDIUM
Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks
CVE-2024-8698
Red HatRed Hat Build Of Keycloak👾🟡EPSS 76%📰7.7HIGH

18 June 2024

LDAP Endpoint Vulnerability Allows Credentials Leakage
CVE-2024-5967
Red HatRed Hat Build Of Keycloak2.7LOW

3 June 2024

Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie
CVE-2024-4540
Red HatRed Hat Build Of Keycloak7.5HIGH

25 April 2024

17 April 2024

Bypass of Redirect URI Validation in Keycloak May Lead to Access Token Theft
CVE-2024-2419
Red HatUpstream7.1HIGH

22 March 2024

Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service
CVE-2023-5685
Red HatEap 7.4.147.5HIGH

26 January 2024

Keycloak: redirect_uri validation bypass
CVE-2023-6291
Red HatRed Hat Build Of Keycl...7.1HIGH

21 December 2023

Client access via device auth request spoof
CVE-2023-2585
Red Hatkeycloak8.1HIGH

18 December 2023

Keycloak: open redirect via "form_post.jwt" jarm response mode
CVE-2023-6927
Red HatRed Hat Build Of Keycl...4.6MEDIUM

14 December 2023

4 October 2023

Oauth client impersonation
CVE-2023-2422
Red Hatkeycloak7.1HIGH

12 September 2023

Plaintext storage of user password
CVE-2023-4918
Red Hatkeycloak8.8HIGH

9 November 2020

Path Traversal Vulnerability in Keycloak by Red Hat
CVE-2020-14366
Red HatKeycloak6.8MEDIUM

15 May 2020

TLS Hostname Verification Flaw in Keycloak by Red Hat
CVE-2020-1758
Red HatKeycloak5.3MEDIUM

13 May 2020

Code Injection Vulnerability in Keycloak by Red Hat
CVE-2020-1714
Red HatKeycloak7.5HIGH

12 May 2020

Improper Access Control in Keycloak by Red Hat
CVE-2020-1718
Red HatKeycloak7.1HIGH

11 May 2020

24 March 2020

Brute Force Protection Flaw in Keycloak by Red Hat
CVE-2020-1744
Red HatKeycloak5.6MEDIUM

2 March 2020

Keycloak Operator Password Management Flaw in Red Hat Product
CVE-2020-1731
Red HatKeycloak9.1CRITICAL