Vulnerabilities > Redhat > Keycloak > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-13 | CVE-2023-0091 | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. | 3.8 |
2021-02-11 | CVE-2020-10734 | Unspecified vulnerability in Redhat products A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. | 3.3 |
2021-02-11 | CVE-2020-1717 | Information Exposure Through an Error Message vulnerability in Redhat products A flaw was found in Keycloak 7.0.1. | 2.7 |
2019-04-24 | CVE-2019-3868 | Information Exposure vulnerability in Redhat Keycloak Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. | 3.8 |