Vulnerabilities > Redhat > Keycloak > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2023-6841 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. | 7.5 |
| 2024-09-09 | CVE-2024-7341 | Session Fixation vulnerability in Redhat Keycloak A session fixation issue was discovered in the SAML adapters provided by Keycloak. | 7.1 |
| 2024-01-26 | CVE-2023-6291 | Open Redirect vulnerability in Redhat products A flaw was found in the redirect_uri validation logic in Keycloak. | 7.1 |
| 2023-12-14 | CVE-2023-6563 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products An unconstrained memory consumption vulnerability was discovered in Keycloak. | 7.7 |
| 2023-10-04 | CVE-2023-2422 | Improper Certificate Validation vulnerability in Redhat products A flaw was found in Keycloak. | 7.1 |
| 2023-09-12 | CVE-2023-4918 | Cleartext Transmission of Sensitive Information vulnerability in Redhat Keycloak 22.0.2 A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. | 8.8 |
| 2022-08-26 | CVE-2021-3632 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak. | 7.5 |
| 2021-03-23 | CVE-2021-20222 | Cross-site Scripting vulnerability in Redhat Keycloak A flaw was found in keycloak. | 7.5 |
| 2020-11-17 | CVE-2020-14389 | Use of Password Hash With Insufficient Computational Effort vulnerability in Redhat Keycloak It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have. | 8.1 |
| 2020-11-09 | CVE-2020-14366 | Path Traversal vulnerability in Redhat Keycloak A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. | 7.5 |