Vulnerabilities > Redhat > Keycloak > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-13 | CVE-2023-0091 | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. | 3.8 |
| 2022-04-01 | CVE-2021-3461 | Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. | 3.3 |
| 2021-02-11 | CVE-2020-10734 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat products A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. | 2.1 |
| 2020-11-17 | CVE-2020-10776 | Cross-site Scripting vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. | 3.5 |
| 2019-06-12 | CVE-2019-10157 | Improper Authentication vulnerability in Redhat Keycloak It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . | 2.1 |
| 2018-11-13 | CVE-2018-14655 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. | 3.5 |