Vulnerabilities > Redhat > Keycloak > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2023-01-13 | CVE-2023-0091 | Incorrect Authorization vulnerability in Redhat Keycloak | 3.8 (network, low complexity, redhat, CWE-863)
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow.

2021-02-11 | CVE-2020-10734 | Unspecified vulnerability in Redhat products | 3.3 (local, low complexity, redhat)
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection.

2021-02-11 | CVE-2020-1717 | Information Exposure Through an Error Message vulnerability in Redhat products | 2.7 (network, low complexity, redhat, CWE-209)
A flaw was found in Keycloak 7.0.1.

2019-04-24 | CVE-2019-3868 | Information Exposure vulnerability in Redhat Keycloak | 3.8 (network, low complexity, redhat, CWE-200)
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC.