Vulnerabilities > Redhat > Keycloak
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-3637 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat Keycloak A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. | 5.0 |
| 2021-05-28 | CVE-2020-27826 | Execution with Unnecessary Privileges vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. | 4.9 |
| 2021-05-28 | CVE-2021-20195 | Improper Encoding or Escaping of Output vulnerability in Redhat Keycloak A flaw was found in keycloak in versions before 13.0.0. | 6.8 |
| 2021-05-12 | CVE-2021-20202 | Insecure Temporary File vulnerability in Redhat Keycloak A flaw was found in keycloak. | 4.6 |
| 2021-03-23 | CVE-2021-20222 | Cross-site Scripting vulnerability in Redhat Keycloak A flaw was found in keycloak. | 7.5 |
| 2021-03-09 | CVE-2021-20262 | Missing Authentication for Critical Function vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. | 4.6 |
| 2021-03-08 | CVE-2020-27838 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in keycloak in versions prior to 13.0.0. | 4.3 |
| 2021-02-11 | CVE-2020-1717 | Information Exposure Through an Error Message vulnerability in Redhat products A flaw was found in Keycloak 7.0.1. | 4.0 |
| 2021-02-11 | CVE-2020-10734 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat products A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. | 2.1 |
| 2021-01-28 | CVE-2020-1725 | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in keycloak before version 13.0.0. | 5.5 |