Vulnerabilities > Redhat > Keycloak

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-10748 Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances.
network
low complexity
redhat CWE-79
6.1
2020-09-16 CVE-2020-10758 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
network
low complexity
redhat CWE-770
7.5
2020-06-22 CVE-2020-1727 Improper Input Validation vulnerability in Redhat Keycloak
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters.
network
low complexity
redhat CWE-20
5.4
2020-05-15 CVE-2020-1758 Improper Certificate Validation vulnerability in Redhat Keycloak
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server.
network
high complexity
redhat CWE-295
5.9
2020-05-13 CVE-2020-1714 Improper Input Validation vulnerability in multiple products
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks.
network
low complexity
redhat quarkus CWE-20
8.8
2020-05-12 CVE-2020-1718 Improper Authentication vulnerability in Redhat Keycloak
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0.
network
low complexity
redhat CWE-287
8.8
2020-05-11 CVE-2020-1724 Insufficient Session Expiration vulnerability in Redhat Keycloak
A flaw was found in Keycloak in versions before 9.0.2.
network
low complexity
redhat CWE-613
4.3
2020-05-11 CVE-2020-1698 Information Exposure Through Log Files vulnerability in Redhat Keycloak
A flaw was found in keycloak in versions before 9.0.0.
local
low complexity
redhat CWE-532
5.5
2020-05-08 CVE-2019-10170 Unspecified vulnerability in Redhat Keycloak
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy.
network
low complexity
redhat
7.2
2020-05-08 CVE-2019-10169 Unspecified vulnerability in Redhat Keycloak
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy.
network
low complexity
redhat
7.2