Security: keycloak/keycloak
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Exposure of sensitive information in Pushed Authorization Requests (PAR) (GHSA-69fp-7c8p-crjr), published Jun 10, 2024 by abstractj. Severity: High
- Unvalidated cross-origin messages in checkLoginIframe leads to DDoS (GHSA-m6q9-p373-g5q8), published Apr 17, 2024 by abstractj. Severity: High
- Path transversal in redirection validation (GHSA-72vp-xfrc-42xm), published Apr 17, 2024 by abstractj. Severity: High
- Session hijacking via re-authentication (GHSA-c9h6-v78w-52wj), published Apr 17, 2024 by abstractj. Severity: Moderate
- Impersonation via logout token exchange (GHSA-7fpj-9hr8-28vh), published Apr 17, 2024 by abstractj. Severity: Low
- XSS via assertion consumer service URL in SAML POST-binding flow (GHSA-8rmm-gm28-pj8q), published Apr 17, 2024 by abstractj. Severity: High
- Path traversal in the redirect validation (GHSA-mrv8-pqfj-7gp5), published Apr 17, 2024 by abstractj. Severity: High
- Authorization Bypass (GHSA-46c8-635v-68r2), published Apr 17, 2024 by abstractj. Severity: Moderate
- Log Injection during WebAuthn authentication or registration (GHSA-j628-q885-8gr5), published Apr 17, 2024 by abstractj. Severity: Low
- keycloak-core: open redirect via "form_post.jwt" JARM response mode (GHSA-9vm7-v8wj-3fqw), published Jan 22, 2024 by abstractj. Severity: Moderate