Vulnerabilities > Redhat > Keycloak

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-01-13 | CVE-2023-0105 | Improper Authentication vulnerability in Redhat Keycloak | A flaw was found in Keycloak. | network | low | redhat | CWE-287 | 6.5 |
| 2022-08-26 | CVE-2022-0225 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak. | network | low | redhat | CWE-79 | 5.4 |
| 2022-08-26 | CVE-2021-3632 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak. | network | high | redhat | CWE-287 | 7.5 |
| 2022-08-26 | CVE-2021-3754 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user. | network | low | redhat | | 5.3 |
| 2022-08-26 | CVE-2021-3856 | Path Traversal vulnerability in Redhat Keycloak | ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. | network | low | redhat | CWE-22 | 4.3 |
| 2022-08-23 | CVE-2020-35509 | Improper Certificate Validation vulnerability in Redhat Keycloak 11.0.3/12.0.0 | A flaw was found in Keycloak affecting versions 11.0.3 and 12.0.0. | network | low | redhat | CWE-295 | 5.4 |
| 2022-08-23 | CVE-2021-3827 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On | A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. | network | high | redhat | CWE-287 | 6.8 |
| 2022-08-22 | CVE-2021-3513 | Information Exposure Through an Error Message vulnerability in Redhat Keycloak | A flaw was found in Keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. | network | low | redhat | CWE-209 | 7.5 |
| 2022-08-05 | CVE-2022-2668 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On | An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. | network | low | redhat | | 7.2 |
| 2022-07-08 | CVE-2022-1245 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Keycloak | A privilege escalation flaw was found in the token exchange feature of Keycloak. | network | low | redhat | CWE-639 | 9.8 (critical) |