Vulnerabilities > Redhat > Keycloak > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-28 | CVE-2020-27826 | Unspecified vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. | 4.2 |
2021-03-09 | CVE-2021-20262 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. low complexity redhat | 6.8 |
2021-03-08 | CVE-2020-27838 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak in versions prior to 13.0.0. | 6.5 |
2021-01-28 | CVE-2020-1725 | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in keycloak before version 13.0.0. | 5.4 |
2020-12-15 | CVE-2020-14302 | Authentication Bypass by Capture-replay vulnerability in Redhat Keycloak A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. | 4.9 |
2020-12-15 | CVE-2020-10770 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Keycloak A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. | 5.3 |
2020-11-17 | CVE-2020-10776 | Cross-site Scripting vulnerability in Redhat Keycloak A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. | 4.8 |
2020-09-16 | CVE-2020-1694 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Keycloak A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. | 4.9 |
2020-09-16 | CVE-2020-10748 | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. | 6.1 |
2020-06-22 | CVE-2020-1727 | Improper Input Validation vulnerability in Redhat Keycloak A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. | 5.4 |