Stian Thorgersen

5 exploits Active since Dec 2017
CVE-2014-3651 NOMISEC HIGH WRITEUP
Keycloak < 1.0.3 - Denial of Service via Large QR Code Size Parameter
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVSS 7.5
CVE-2022-4361 CRITICAL WRITEUP
Keycloak < 21.1.2 - Cross-Site Scripting via AssertionConsumerServiceURL or redirect_uri
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
CVSS 10.0
CVE-2024-8883 MEDIUM WRITEUP
Red Hat Build of Keycloak - Open Redirect via Misconfigured Valid Redirect URI
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
CVSS 6.1
CVE-2025-13467 MEDIUM WRITEUP
Keycloak LDAP Federation < 26.4.6 - Authenticated Deserialization of Untrusted Data via LDAP Server Configuration
A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.
CVSS 5.5