Vulnerabilities > Redhat > Keycloak > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-09 CVE-2024-7260 Open Redirect vulnerability in Redhat Build of Keycloak and Keycloak
An open redirect vulnerability was found in Keycloak.
network
low complexity
redhat CWE-601
6.1
2024-09-03 CVE-2024-4629 Improper Enforcement of a Single, Unique Action vulnerability in Redhat products
A vulnerability was found in Keycloak.
network
low complexity
redhat CWE-837
6.5
2023-12-18 CVE-2023-6927 Open Redirect vulnerability in Redhat Keycloak and Single Sign-On
A flaw was found in Keycloak.
network
low complexity
redhat CWE-601
6.1
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-12-14 CVE-2023-6134 Cross-site Scripting vulnerability in Redhat products
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token.
network
low complexity
redhat CWE-79
5.4
2023-09-25 CVE-2022-4137 Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling.
network
low complexity
redhat CWE-79
6.1
2023-09-20 CVE-2022-3916 Insufficient Session Expiration vulnerability in Redhat products
A flaw was found in the offline_access scope in Keycloak.
network
high complexity
redhat CWE-613
6.8
2023-09-20 CVE-2022-1438 Cross-site Scripting vulnerability in Redhat Keycloak
A flaw was found in Keycloak.
network
low complexity
redhat CWE-79
4.8
2023-08-04 CVE-2023-0264 Improper Authentication vulnerability in Redhat products
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests.
network
high complexity
redhat CWE-287
5.0
2023-07-07 CVE-2022-4361 Cross-site Scripting vulnerability in Redhat products
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers.
network
low complexity
redhat CWE-79
6.1