Vulnerabilities > Redhat > Keycloak

DATE CVE VULNERABILITY TITLE RISK
2021-03-08 CVE-2020-27838 Unspecified vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in keycloak in versions prior to 13.0.0.
network
low complexity
redhat
6.5
2021-02-11 CVE-2020-1717 Information Exposure Through an Error Message vulnerability in Redhat products
A flaw was found in Keycloak 7.0.1.
network
low complexity
redhat CWE-209
2.7
2021-02-11 CVE-2020-10734 Unspecified vulnerability in Redhat products
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection.
local
low complexity
redhat
3.3
2021-01-28 CVE-2020-1725 Incorrect Authorization vulnerability in Redhat Keycloak
A flaw was found in keycloak before version 13.0.0.
network
low complexity
redhat CWE-863
5.4
2020-12-15 CVE-2020-14302 Authentication Bypass by Capture-replay vulnerability in Redhat Keycloak
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter.
network
low complexity
redhat CWE-294
4.9
2020-12-15 CVE-2020-10770 Server-Side Request Forgery (SSRF) vulnerability in Redhat Keycloak
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri.
network
low complexity
redhat CWE-918
5.3
2020-11-17 CVE-2020-14389 Use of Password Hash With Insufficient Computational Effort vulnerability in Redhat Keycloak
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
network
low complexity
redhat CWE-916
8.1
2020-11-17 CVE-2020-10776 Cross-site Scripting vulnerability in Redhat Keycloak
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter.
network
low complexity
redhat CWE-79
4.8
2020-11-09 CVE-2020-14366 Path Traversal vulnerability in Redhat Keycloak
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path.
network
low complexity
redhat CWE-22
7.5
2020-09-16 CVE-2020-1694 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Keycloak
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience.
network
low complexity
redhat CWE-732
4.9