org.keycloak:keycloak-services
Keycloak REST Services
Security Advisories for org.keycloak:keycloak-services in maven
Low
2 days ago
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
maven
org.keycloak:keycloak-services
Moderate
about 1 month ago
Keycloak vulnerable to session takeovers due to reuse of session identifiers
maven
org.keycloak:keycloak-services
Moderate
about 2 months ago
Keycloak does not invalidate sessions when "Remember Me" is disabled
maven
org.keycloak:keycloak-services
Moderate
about 2 months ago
Keycloak does not invalidate offline sessions when the offline_access scope is removed
maven
org.keycloak:keycloak-services
Moderate
4 months ago
Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
maven
org.keycloak:keycloak-services
Moderate
4 months ago
Keycloak phishing attack via email verification step in first login flow
maven
org.keycloak:keycloak-services
Moderate
8 months ago
Keycloak vulnerable to two factor authentication bypass
maven
org.keycloak:keycloak-services
Moderate
9 months ago
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache
maven
org.keycloak:keycloak-services
Moderate
9 months ago
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims
maven
org.keycloak:keycloak-services
High
about 1 year ago
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
maven
org.keycloak:keycloak-services
High
about 1 year ago
Keycloak has session fixation in Elytron SAML adapters
maven
org.keycloak:keycloak-services
Moderate
about 1 year ago
Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect
maven
org.keycloak:keycloak-services
Moderate
about 1 year ago
Keycloak Services has a potential bypass of brute force protection
maven
org.keycloak:keycloak-services
Low
over 1 year ago
Keycloak Denial of Service via account lockout
maven
org.keycloak:keycloak-services
Low
over 1 year ago
Keycloak's improper input validation allows using email as username
maven
org.keycloak:keycloak-services
High
over 1 year ago
Keycloak's admin API allows low privilege users to use administrative functions
maven
org.keycloak:keycloak-services
High
over 1 year ago
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
maven
org.keycloak:keycloak-services
Low
over 1 year ago
Keycloak vulnerable to impersonation via logout token exchange
maven
org.keycloak:keycloak-services
Moderate
over 1 year ago
Keycloak vulnerable to session hijacking via re-authentication
maven
org.keycloak:keycloak-services
High
over 1 year ago
Keycloak path traversal vulnerability in redirection validation
maven
org.keycloak:keycloak-services
High
over 1 year ago
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
maven
org.keycloak:keycloak-services
Moderate
over 1 year ago
Keycloak vulnerable to log Injection during WebAuthn authentication or registration
maven
org.keycloak:keycloak-services
Moderate
over 1 year ago
Keycloak Authorization Bypass vulnerability
maven
org.keycloak:keycloak-services
Moderate
over 1 year ago
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
maven
org.keycloak:keycloak-services
Moderate
over 1 year ago
Keycloak secondary factor bypass in step-up authentication
maven
org.keycloak:keycloak-services
High
over 1 year ago
Keycloak path traversal vulnerability in the redirect validation
maven
org.keycloak:keycloak-services
High
almost 2 years ago
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
maven
org.keycloak:keycloak-services
Moderate
almost 2 years ago
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
maven
org.keycloak:keycloak-services
Low
about 2 years ago
Keycloak vulnerable to LDAP Injection on UsernameForm Login
maven
org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
High
over 2 years ago
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
maven
org.keycloak:keycloak-services
Critical
over 2 years ago
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
maven
org.keycloak:keycloak-services
Low
over 2 years ago
Client Spoofing within the Keycloak Device Authorisation Grant
maven
org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
High
almost 3 years ago
Keycloak vulnerable to user impersonation via stolen UUID code
maven
org.keycloak:keycloak-services
Moderate
almost 3 years ago
HTML Injection in Keycloak Admin REST API
maven
org.keycloak:keycloak-services
Moderate
almost 3 years ago
Keycloak vulnerable to Cross-site Scripting
maven
org.keycloak:keycloak-services
Moderate
over 3 years ago
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
maven
org.keycloak:keycloak-services
Moderate
over 3 years ago
Keycloak Authentication Error
maven
org.keycloak:keycloak-services, org.keycloak:keycloak-saml-adapter-core
Low
over 3 years ago
Keycloak is vulnerable to IDN homograph attack
maven
org.keycloak:keycloak-services
Moderate
over 3 years ago
Keycloak is vulnerable to IDN homograph attack
maven
org.keycloak:keycloak-services
Critical
over 3 years ago
Keycloak vulnerable to privilege escalation on Token Exchange feature
maven
org.keycloak:keycloak-services
Moderate
almost 4 years ago
Cross-site Scripting in keycloak
maven
org.keycloak:keycloak-services, org.keycloak:keycloak-server-spi-private