Security: keycloak/keycloak
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Unguarded admin REST API endpoints allows low privilege users to use administrative functionalities (GHSA-2cww-fgmg-4jqc), published Jun 11, 2024 by rmartinc. Severity: Moderate
- Exposure of sensitive information in Pushed Authorization Requests (PAR) (GHSA-69fp-7c8p-crjr), published Jun 10, 2024 by abstractj. Severity: High
- Unvalidated cross-origin messages in checkLoginIframe leads to DDoS (GHSA-m6q9-p373-g5q8), published Apr 17, 2024 by abstractj. Severity: High
- Path transversal in redirection validation (GHSA-72vp-xfrc-42xm), published Apr 17, 2024 by abstractj. Severity: High
- Session hijacking via re-authentication (GHSA-c9h6-v78w-52wj), published Apr 17, 2024 by abstractj. Severity: Moderate
- Impersonation via logout token exchange (GHSA-7fpj-9hr8-28vh), published Apr 17, 2024 by abstractj. Severity: Low
- XSS via assertion consumer service URL in SAML POST-binding flow (GHSA-8rmm-gm28-pj8q), published Apr 17, 2024 by abstractj. Severity: High
- Path traversal in the redirect validation (GHSA-mrv8-pqfj-7gp5), published Apr 17, 2024 by abstractj. Severity: High
- Authorization Bypass (GHSA-46c8-635v-68r2), published Apr 17, 2024 by abstractj. Severity: Moderate
- Log Injection during WebAuthn authentication or registration (GHSA-j628-q885-8gr5), published Apr 17, 2024 by abstractj. Severity: Low