org.keycloak
174 tracked vulnerabilities.
| CVE | Severity | Tag | Title | Published | CVSS | EPSS |
|---|---|---|---|---|---|---|
| CVE-2020-1725 | MEDIUM | | Keycloak < 13.0.0 - Incorrect Authorization | Jan 28, 2021 | 5.4 | 0.00 |
| CVE-2020-10770 | MEDIUM | NUCLEI | Keycloak < 13.0.0 - Server-Side Request Forgery via OIDC request_uri Parameter | Dec 15, 2020 | 5.3 | 0.92 |
| CVE-2020-14389 | HIGH | | Keycloak < 12.0.0 - Privilege Escalation | Nov 17, 2020 | 8.1 | 0.00 |
| CVE-2020-10776 | MEDIUM | | Keycloak < 12.0.0 - Cross-Site Scripting via Unsafe Redirect URI Schemes | Nov 17, 2020 | 4.8 | 0.00 |
| CVE-2020-14366 | MEDIUM | | Keycloak < 12.0.0 - Path Traversal via URL-Encoded Path Segments | Nov 09, 2020 | 6.8 | 0.00 |
| CVE-2020-1694 | MEDIUM | | Keycloak < 10.0.0 - Unauthenticated Information Disclosure via NodeJS Adapter | Sep 16, 2020 | 4.9 | 0.00 |
| CVE-2020-10748 | MEDIUM | | Keycloak 10.0.1 - Cross-Site Scripting via Data URL Processing | Sep 16, 2020 | 6.1 | 0.00 |
| CVE-2020-10758 | HIGH | | Keycloak < 11.0.1 - Denial of Service via Malformed Content-Length Header | Sep 16, 2020 | 7.5 | 0.01 |
| CVE-2020-1758 | MEDIUM | | Keycloak < 10.0.0 - Improper Certificate Validation in SMTP TLS Hostname Verification | May 15, 2020 | 5.3 | 0.00 |
| CVE-2020-1714 | HIGH | | Keycloak < 11.0.0 - Remote Code Execution via Unsafe Deserialization | May 13, 2020 | 8.8 | 0.02 |
| CVE-2020-1718 | HIGH | | Keycloak < 8.0.0 - Privilege Escalation | May 12, 2020 | 7.1 | 0.00 |
| CVE-2020-1724 | MEDIUM | | Keycloak < 9.0.2 - Insufficient Session Expiration | May 11, 2020 | 4.3 | 0.00 |
| CVE-2020-1698 | MEDIUM | | Keycloak < 9.0.0 - Password Exposure via HttpMethod Exception Logging | May 11, 2020 | 5.0 | 0.00 |
| CVE-2020-10686 | MEDIUM | | Keycloak < 9.0.1 - Privilege Escalation | May 04, 2020 | 4.1 | 0.00 |
| CVE-2020-1728 | MEDIUM | | Keycloak < 10.0.0 - Missing HTTP Security Headers in Admin Console | Apr 06, 2020 | 4.8 | 0.00 |
| CVE-2020-1744 | MEDIUM | | Keycloak < 9.0.1 - Brute Force Protection Bypass via Conditional OTP Authentication Flow | Mar 24, 2020 | 5.6 | 0.00 |
| CVE-2020-1731 | CRITICAL | | Keycloak Operator < 8.0.2 - Info Disclosure | Mar 02, 2020 | 9.1 | 0.00 |
| CVE-2020-1697 | MEDIUM | | Keycloak < 9.0.0 - Authenticated Stored Cross-Site Scripting via Application Links | Feb 10, 2020 | 6.1 | 0.00 |
| CVE-2019-10170 | MEDIUM | | Keycloak < 8.0.0 - Authenticated Remote Code Execution via Realm Management Script Policy | May 08, 2020 | 6.6 | 0.01 |
| CVE-2019-10169 | MEDIUM | | Keycloak < 8.0.0 - Authenticated Remote Code Execution via UMA Policy Script Injection | May 08, 2020 | 6.6 | 0.01 |
| CVE-2019-14820 | MEDIUM | | Keycloak < 8.0.0 - Exposure of Sensitive Information via Internal Adapter Endpoints | Jan 08, 2020 | 4.3 | 0.00 |
| CVE-2019-14837 | CRITICAL | | Keycloak < 8.0.0 - Privilege Escalation | Jan 07, 2020 | 9.1 | 0.01 |
| CVE-2019-14910 | CRITICAL | | Keycloak 7.x - Improper Certificate Validation in LDAP StartTLS Authentication | Dec 05, 2019 | 9.8 | 0.00 |
| CVE-2019-14909 | HIGH | | Keycloak 7.x - Authentication Bypass via LDAP Anonymous Bind | Dec 04, 2019 | 8.3 | 0.00 |
| CVE-2019-14832 | HIGH | | Keycloak < 8.0.0 - Authenticated Incorrect Authorization via Realm Access Bypass | Oct 15, 2019 | 7.5 | 0.00 |
Products (tracked vulnerability count per artifact)

| Product | Count |
|---|---|
| keycloak-services | 74 |
| keycloak-core | 48 |
| keycloak-parent | 25 |
| keycloak-quarkus-server | 9 |
| keycloak-server-spi-private | 5 |
| keycloak-ldap-federation | 4 |
| keycloak-saml-core | 4 |
| keycloak-model-jpa | 3 |
| keycloak-saml-adapter-core | 3 |
| keycloak-model-infinispan | 2 |
| keycloak-quarkus-dist | 2 |
| keycloak-account-ui | 1 |
| keycloak-adapter-core | 1 |
| keycloak-admin-ui | 1 |
| keycloak-authz-client | 1 |
| keycloak-broker-saml | 1 |
| keycloak-common | 1 |
| keycloak-js-admin-client | 1 |
| keycloak-model-storage-services | 1 |
| keycloak-oidc-client-adapter-pom | 1 |