Security: keycloak/keycloak
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- keycloak-core: open redirect via "form_post.jwt" JARM response mode (GHSA-9vm7-v8wj-3fqw). Published Jan 22, 2024 by abstractj. Severity: Moderate
- The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted (GHSA-mpwq-j3xf-7m5w). Published Dec 19, 2023 by abstractj. Severity: High
- Reflected XSS via wildcard in OIDC redirect_uri (GHSA-cvg2-7c3j-g36j). Published Dec 18, 2023 by abstractj. Severity: Moderate
- Plaintext Storage of User Password (GHSA-5q66-v53q-pm35). Published Sep 12, 2023 by abstractj. Severity: High
- Secondary factor bypass in step-up authentication (GHSA-4f53-xh3v-g8x4). Published Apr 17, 2024 by abstractj. Severity: Moderate
- Impersonation and lockout possible through incorrect handling of email trust (GHSA-c7xw-p58w-h6fj). Published Jul 18, 2023 by stianst. Severity: Moderate
- Client Spoofing within the Keycloak Device Authorisation Grant (GHSA-f5h4-wmp5-xhg6). Published Jun 28, 2023 by abstractj. Severity: Moderate
- Untrusted Certificate Validation (GHSA-5cc8-pgp5-7mpm). Published Jun 28, 2023 by abstractj. Severity: Low
- Improper Client Certificate Validation for OAuth/OpenID clients (GHSA-3qh5-qqj2-c78f). Published Jun 28, 2023 by abstractj. Severity: High
- User impersonation via stolen UUID code (GHSA-9g98-5mj6-f9mv). Published Mar 2, 2023 by stianst. Severity: High