Vulnerabilities > Redhat > Keycloak > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-13 | CVE-2023-0105 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in Keycloak. | 6.5 |
| 2022-10-19 | CVE-2022-1970 | Open Redirect vulnerability in Redhat Keycloak 18.0.0 keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter. | 6.1 |
| 2022-08-26 | CVE-2021-3856 | Path Traversal vulnerability in Redhat Keycloak ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. | 4.3 |
| 2022-08-23 | CVE-2020-35509 | Improper Certificate Validation vulnerability in Redhat Keycloak 11.0.3/12.0.0 A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. | 5.4 |
| 2022-08-23 | CVE-2021-3827 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. | 6.8 |
| 2022-04-26 | CVE-2022-1466 | Incorrect Authorization vulnerability in Redhat Keycloak Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. | 4.0 |
| 2022-03-25 | CVE-2021-20323 | Cross-site Scripting vulnerability in Redhat Keycloak A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. | 4.3 |
| 2022-01-25 | CVE-2021-4133 | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. | 6.5 |
| 2021-07-09 | CVE-2021-3637 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat Keycloak A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. | 5.0 |
| 2021-05-28 | CVE-2020-27826 | Execution with Unnecessary Privileges vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. | 4.9 |