Stian Thorgersen

4 exploits Active since Dec 2017
CVE-2014-3651 NOMISEC HIGH WRITEUP
Keycloak < 1.0.3 - Denial of Service
JBoss Keycloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter of the auth/qrcode endpoint, which generates QR code images sized from that parameter.
CVSS 7.5
CVE-2024-8883 WRITEUP MEDIUM WRITEUP
Red Hat build of Keycloak < 22.0.13 - Open Redirect
A misconfiguration flaw was found in Keycloak. If a client's 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, an attacker can redirect users to an arbitrary URL, exposing sensitive information such as authorization codes to the attacker and potentially leading to session hijacking.
CVSS 6.1
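The advisory above names a specific configuration as the precondition: a client whose Valid Redirect URIs contain a bare http://localhost or http://127.0.0.1. The script below is an added example, not Keycloak project code, that audits a realm export for that pattern. It assumes the standard realm export JSON shape (a top-level "clients" list, each client with "clientId" and "redirectUris"); the realm content itself is constructed sample data.

```python
"""Audit a Keycloak realm export for the CVE-2024-8883 redirect-URI pattern.

Added example, not Keycloak's own code. It flags clients whose Valid Redirect
URIs contain exactly the two values the advisory names, and separately lists
any other loopback-host entry so a reviewer can decide whether it is needed.
"""
import json
from urllib.parse import urlsplit

# Exact values the advisory names as the dangerous configuration.
ADVISORY_VALUES = {"http://localhost", "http://127.0.0.1"}

# Other loopback hosts worth a manual look (urlsplit strips the brackets from [::1]).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def classify_redirect_uri(uri):
    """Return 'advisory' for an exact advisory match, 'loopback' for any other
    loopback-host entry, or None for an entry that needs no attention here."""
    if uri in ADVISORY_VALUES:
        return "advisory"
    host = urlsplit(uri).hostname  # None for wildcards like '*' or relative paths
    if host in LOOPBACK_HOSTS:
        return "loopback"
    return None


def audit_realm(realm):
    """Walk every client in a realm export and return (clientId, uri, kind) findings."""
    findings = []
    for client in realm.get("clients", []):
        for uri in client.get("redirectUris", []):
            kind = classify_redirect_uri(uri)
            if kind is not None:
                findings.append((client["clientId"], uri, kind))
    return findings


# Constructed sample realm export (not a real deployment) covering a clean client,
# a client with the exact advisory value, and a client with a qualified loopback URI.
SAMPLE_REALM_JSON = """
{
  "realm": "demo",
  "clients": [
    {"clientId": "web-app",  "redirectUris": ["https://app.example.com/callback"]},
    {"clientId": "dev-tool", "redirectUris": ["http://localhost", "https://dev.example.com/*"]},
    {"clientId": "cli",      "redirectUris": ["http://127.0.0.1:8400/cb", "*"]}
  ]
}
"""
SAMPLE_REALM = json.loads(SAMPLE_REALM_JSON)


def audit_sample():
    return audit_realm(SAMPLE_REALM)


if __name__ == "__main__":
    for client_id, uri, kind in audit_sample():
        print(f"{kind:9} {client_id}: {uri}")
```

Run it against the output of a realm export (for example the JSON produced by the admin console's partial export); any 'advisory' finding on a build below the fixed version is the condition the CVE describes. Replacing bare loopback entries with fully qualified scheme, host, port and path values removes the misconfiguration, independent of the upgrade.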
CVE-2025-13467 WRITEUP MEDIUM WRITEUP
org.keycloak keycloak-ldap-federation - Insecure Deserialization
A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.
CVSS 5.5