+
Skip to content

CVE-2025-3501 Keycloak hostname verification #39350

New issue
New issue
Closed
Closed
CVE-2025-3501 Keycloak hostname verification#39350
Assignees
shawkins
Labels
kind/bugCategorizes a PR related to a bugkind/cveIssues identified as CVEs on third-party dependencies, or issues which Keycloak is not affectedrelease/26.0.11release/26.2.2release/26.3.0
@stianst

Description

@stianst
stianst
opened on Apr 30, 2025

Description

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Metadata

Metadata

Assignees

Labels

kind/bugCategorizes a PR related to a bugkind/cveIssues identified as CVEs on third-party dependencies, or issues which Keycloak is not affectedrelease/26.0.11release/26.2.2release/26.3.0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载