Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS14cjZxLXFxeDctNTUzZ84AAYP5

High EPSS: 0.00274% (0.50507 Percentile) EPSS:
Permalink JSON

JBoss Keycloak CSRF Vulnerability

Affected Packages Affected Versions Fixed Versions
maven:org.keycloak:keycloak-services < 1.0.3.Final 1.0.3.Final
90 Dependent packages
561 Dependent repositories

Affected Version Ranges

All affected versions

All unaffected versions

5.0.0, 6.0.0, 6.0.1, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 8.0.2, 9.0.0, 9.0.2, 9.0.3, 10.0.0, 10.0.1, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.0.1, 14.0.0, 15.0.0, 15.0.1, 15.0.2, 15.1.0, 15.1.1, 16.0.0, 16.1.0, 16.1.1, 17.0.0, 17.0.1, 18.0.0, 18.0.1, 18.0.2, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4, 20.0.5, 21.0.0, 21.0.1, 21.0.2, 21.1.0, 21.1.1, 21.1.2, 22.0.0, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.0.5, 23.0.0, 23.0.1, 23.0.2, 23.0.3, 23.0.4, 23.0.5, 23.0.6, 23.0.7, 24.0.0, 24.0.1, 24.0.2, 24.0.3, 24.0.4, 24.0.5, 25.0.0, 25.0.1, 25.0.2, 25.0.3, 25.0.4, 25.0.5, 25.0.6, 26.0.0, 26.0.1, 26.0.2, 26.0.3, 26.0.4, 26.0.5, 26.0.6, 26.0.7, 26.0.8, 26.1.0, 26.1.1, 26.1.2, 26.1.3, 26.1.4, 26.1.5, 26.2.0, 26.2.1, 26.2.2, 26.2.3, 26.2.4, 26.2.5, 26.3.0, 26.3.1, 26.3.2

The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.

References:

Identifiers

GHSA-xr6q-qqx7-553g

CVE-2014-3709

Risk

Severity

High

EPSS

EPSS Percentage: 0.00274

EPSS Percentile: 0.50507

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/keycloak/keycloak

Date and time

Published

about 3 years ago

Updated

almost 2 years ago

API

JSON