Security: keycloak/keycloak
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Sensitive Data Exposure in Keycloak Build Process
  GHSA-v7gv-xpgf-6395, published Nov 25, 2024 by jonkoops. Severity: Moderate
- One Time Passcode (OTP) is valid longer than expiration timeSeverity
  GHSA-xmmm-jw76-q7vg, published Oct 14, 2024 by abstractj. Severity: Moderate
- Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
  GHSA-xgfv-xpx8-qhcr, published Oct 14, 2024 by abstractj. Severity: High
- Vulnerable Redirect URI Validation Results in Open Redirect
  GHSA-w8gr-xwp4-r9f7, published Oct 14, 2024 by abstractj. Severity: Moderate
- Session fixation in Elytron SAML adapters
  GHSA-5rxp-2rhr-qwqv, published Oct 14, 2024 by abstractj. Severity: High
- Leak of configured LDAP bind credentials through the Keycloak admin console
  GHSA-c25h-c27q-5qpv, published Jun 21, 2024 by rmartinc. Severity: Low
- Improper input validation on Keycloak allows using email as username
  GHSA-4vc8-pg5c-vg4x, published Jun 12, 2024 by abstractj. Severity: Low
- DoS via account lockout
  GHSA-cq42-vhv7-xr7p, published Jun 12, 2024 by abstractj. Severity: Low
- Potential bypass of brute force protection
  GHSA-gc7q-jgjv-vjr2, published Sep 17, 2024 by abstractj. Severity: Moderate
- Unguarded admin REST API endpoints allows low privilege users to use administrative functionalities
  GHSA-2cww-fgmg-4jqc, published Jun 11, 2024 by rmartinc. Severity: Moderate