Vulnerabilities > Redhat > Keycloak
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-25 | CVE-2022-4137 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. | 6.1 |
| 2023-09-20 | CVE-2022-3916 | Insufficient Session Expiration vulnerability in Redhat products A flaw was found in the offline_access scope in Keycloak. | 6.8 |
| 2023-09-20 | CVE-2022-1438 | Cross-site Scripting vulnerability in Redhat Keycloak A flaw was found in Keycloak. | 4.8 |
| 2023-09-12 | CVE-2023-4918 | Cleartext Transmission of Sensitive Information vulnerability in Redhat Keycloak 22.0.2 A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. | 8.8 |
| 2023-08-04 | CVE-2023-0264 | Improper Authentication vulnerability in Redhat products A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. | 5.0 |
| 2023-07-07 | CVE-2022-4361 | Cross-site Scripting vulnerability in Redhat products Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. | 6.1 |
| 2023-05-26 | CVE-2023-1664 | Improper Certificate Validation vulnerability in Redhat products A flaw was found in Keycloak. | 6.5 |
| 2023-03-29 | CVE-2022-1274 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak in the execute-actions-email endpoint. | 5.4 |
| 2023-01-13 | CVE-2022-3782 | Path Traversal vulnerability in Redhat Keycloak 20.0.2 keycloak: path traversal via double URL encoding. | 9.1 |
| 2023-01-13 | CVE-2023-0091 | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. | 3.8 |