Bill Burke - Security Researcher - Exploit Intelligence Platform

CVE-2014-3651 NOMISEC HIGH WRITEUP

Keycloak < 1.0.3 - Denial of Service

JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.

CVSS 7.5

View Code

CVE-2022-4137 NOMISEC HIGH STUB

Redhat Keycloak < 20.0.5 - XSS

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

CVSS 8.1

View Code

CVE-2022-1274 NOMISEC MEDIUM WORKING POC

Redhat Keycloak < 20.0.5 - Basic XSS

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.

CVSS 5.4

View Code

CVE-2014-3651 NOMISEC HIGH WRITEUP

Keycloak < 1.0.3 - Denial of Service

JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.

CVSS 7.5

View Code