Total
74 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10201 | 1 Redhat | 2 Keycloak, Single Sign-on | 2020-10-02 | 5.5 MEDIUM | 8.1 HIGH |
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information. | |||||
CVE-2020-10748 | 1 Redhat | 2 Keycloak, Single Sign-on | 2020-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks. | |||||
CVE-2020-1710 | 1 Redhat | 4 Jboss Data Grid, Jboss Enterprise Application Platform, Openshift Application Runtimes and 1 more | 2020-09-22 | 5.0 MEDIUM | 5.3 MEDIUM |
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. | |||||
CVE-2020-1757 | 1 Redhat | 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Fuse and 3 more | 2020-04-30 | 5.5 MEDIUM | 8.1 HIGH |
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. | |||||
CVE-2020-1697 | 1 Redhat | 2 Keycloak, Single Sign-on | 2020-03-11 | 3.5 LOW | 5.4 MEDIUM |
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks. | |||||
CVE-2019-14843 | 1 Redhat | 2 Jboss Enterprise Application Platform, Single Sign-on | 2020-01-15 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue. | |||||
CVE-2019-14837 | 1 Redhat | 2 Keycloak, Single Sign-on | 2020-01-15 | 6.4 MEDIUM | 9.1 CRITICAL |
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'. | |||||
CVE-2019-3875 | 1 Redhat | 2 Keycloak, Single Sign-on | 2019-10-09 | 5.8 MEDIUM | 4.8 MEDIUM |
A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols ('http' or 'ldap') and hence the caller should verify the signature and possibly the certification path. Keycloak currently doesn't validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle. | |||||
CVE-2019-3872 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. | |||||
CVE-2019-10157 | 1 Redhat | 2 Keycloak, Single Sign-on | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely. | |||||
CVE-2018-14655 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. | |||||
CVE-2018-10894 | 1 Redhat | 3 Enterprise Linux, Keycloak, Single Sign-on | 2019-10-09 | 5.5 MEDIUM | 5.4 MEDIUM |
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. | |||||
CVE-2019-3873 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on | 2019-07-06 | 6.0 MEDIUM | 9.0 CRITICAL |
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks. | |||||
CVE-2018-10934 | 1 Redhat | 3 Enterprise Linux Server, Jboss Enterprise Application Platform, Single Sign-on | 2019-06-11 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. |