Critical vulnerabilities in Redhat Keycloak

DATE        CVE             VULNERABILITY TITLE                                                       RISK
2023-01-13  CVE-2022-3782   Path Traversal vulnerability in Redhat Keycloak 20.0.2                    critical (CVSS 9.1)
            keycloak: path traversal via double URL encoding.
            Attack vector: network; attack complexity: low; vendor: redhat; CWE-22

2022-07-08  CVE-2022-1245   Authorization Bypass Through User-Controlled Key vulnerability in         critical (CVSS 9.8)
                            Redhat Keycloak
            A privilege escalation flaw was found in the token exchange feature of keycloak.
            Attack vector: network; attack complexity: low; vendor: redhat; CWE-639

2021-05-28  CVE-2021-20195  Improper Encoding or Escaping of Output vulnerability in Redhat Keycloak  critical (CVSS 9.6)
            A flaw was found in keycloak in versions before 13.0.0.
            Attack vector: network; attack complexity: low; vendor: redhat; CWE-116

2020-01-07  CVE-2019-14837  Use of Hard-coded Credentials vulnerability in Redhat Keycloak            critical (CVSS 9.1)
            A flaw was found in keycloak before version 8.0.0.
            Attack vector: network; attack complexity: low; vendor: redhat; CWE-798

2019-12-05  CVE-2019-14910  Improper Certificate Validation vulnerability in Redhat Keycloak          critical (CVSS 9.8)
                            7.0.0/7.0.1
            A vulnerability was found in keycloak 7.x: when keycloak is configured with LDAP user
            federation and StartTLS is used instead of SSL/TLS (ldaps) to the LDAP server, user
            authentication succeeds even if an invalid password has been entered.
            Attack vector: network; attack complexity: low; vendor: redhat; CWE-295