rh-sso7-keycloak-server vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the rh-sso7-keycloak-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity | Vulnerability | Vulnerable Version
  • M
Improper Handling of Extra Values

*
  • H
Open Redirect

<0:18.0.18-1.redhat_00001.1.el7sso
  • H
Improper Verification of Cryptographic Signature

<0:18.0.18-1.redhat_00001.1.el7sso
  • M
Improper Handling of Extra Values

*
  • M
Session Fixation

<0:18.0.16-1.redhat_00001.1.el7sso
  • M
Improper Enforcement of a Single

<0:18.0.16-1.redhat_00001.1.el7sso
  • M
Incorrect Default Permissions

<0:18.0.16-1.redhat_00001.1.el7sso
  • L
Cleartext Storage of Sensitive Information in a Cookie

<0:18.0.14-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:18.0.13-1.redhat_00001.1.el7sso
  • H
Origin Validation Error

<0:18.0.13-1.redhat_00001.1.el7sso
  • H
Directory Traversal

<0:18.0.13-1.redhat_00001.1.el7sso
  • H
Permissive Regular Expression

<0:18.0.13-1.redhat_00001.1.el7sso
  • M
Cross-site Scripting (XSS)

*
  • L
Improper Check for Dropped Privileges

*
  • L
Overly Restrictive Account Lockout Mechanism

*
  • M
Improper Authentication

*
  • H
Information Exposure Through Log Files

<0:18.0.12-1.redhat_00001.1.el7sso
  • H
Files or Directories Accessible to External Parties

<0:18.0.12-1.redhat_00001.1.el7sso
  • H
Improper Validation of Syntactic Correctness of Input

<0:18.0.12-1.redhat_00001.1.el7sso
  • H
Allocation of Resources Without Limits or Throttling

<0:18.0.12-1.redhat_00001.1.el7sso
  • M
Inefficient Regular Expression Complexity

*
  • M
Improper Input Validation

<0:18.0.11-3.redhat_00001.1.el7sso
  • M
Open Redirect

<0:18.0.11-3.redhat_00001.1.el7sso
  • H
Allocation of Resources Without Limits or Throttling

<0:18.0.11-2.redhat_00003.1.el7sso
  • H
Open Redirect

<0:18.0.11-2.redhat_00003.1.el7sso
  • H
Improper Output Neutralization for Logs

<0:18.0.13-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:18.0.11-2.redhat_00001.1.el7sso
  • H
Information Exposure

<0:18.0.11-2.redhat_00001.1.el7sso
  • H
Arbitrary Code Injection

<0:18.0.11-2.redhat_00003.1.el7sso
  • H
Uncontrolled Memory Allocation

<0:18.0.9-1.redhat_00001.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.8-1.redhat_00001.1.el7sso
  • H
Improperly Implemented Security Check for Standard

<0:18.0.8-1.redhat_00001.1.el7sso
  • H
Improper Certificate Validation

<0:18.0.8-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:18.0.9-1.redhat_00001.1.el7sso
  • M
Information Exposure Through Server Error Message

<0:18.0.7-1.redhat_00001.1.el7sso
  • H
Uncontrolled Recursion

<0:18.0.9-1.redhat_00001.1.el7sso
  • H
Improper Certificate Validation

<0:18.0.8-1.redhat_00001.1.el7sso
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:18.0.8-1.redhat_00001.1.el7sso
  • M
Open Redirect

<0:3.4.14-1.Final_redhat_00001.1.jbcs.el7
  • M
Improper Restriction of Excessive Authentication Attempts

<0:3.4.14-1.Final_redhat_00001.1.jbcs.el7
  • M
Cross-site Scripting (XSS)

<0:3.4.14-1.Final_redhat_00001.1.jbcs.el7
  • M
Improper Authentication

<0:3.4.14-1.Final_redhat_00001.1.jbcs.el7
  • M
Insufficient Verification of Data Authenticity

<0:3.4.14-1.Final_redhat_00001.1.jbcs.el7
  • M
Incorrect Authorization

<0:2.5.14-1.Final_redhat_1.1.jbcs.el7
  • M
Improper Authorization

<0:2.5.14-1.Final_redhat_1.1.jbcs.el7
  • M
Insufficient Session Expiration

<0:2.5.14-1.Final_redhat_1.1.jbcs.el7
  • M
HTTP Request Smuggling

<0:2.5.14-1.Final_redhat_1.1.jbcs.el7
  • M
Covert Timing Channel

<0:2.5.14-1.Final_redhat_1.1.jbcs.el7
  • M
Information Exposure

<0:3.4.17-1.Final_redhat_00001.1.jbcs.el7
  • M
Covert Timing Channel

<0:2.5.5-2.Final_redhat_1.1.jbcs.el7
  • M
Resource Exhaustion

<0:2.5.5-2.Final_redhat_1.1.jbcs.el7
  • H
XML External Entity (XXE) Injection

<0:18.0.0-2.redhat_00001.1.el7sso
  • H
Incorrect Authorization

<0:4.8.13-1.Final_redhat_00001.1.el7sso
  • H
Information Exposure

<0:4.8.13-1.Final_redhat_00001.1.el7sso
  • H
Missing Authorization

<0:4.8.13-1.Final_redhat_00001.1.el7sso
  • H
Authentication Bypass

<0:4.8.15-1.Final_redhat_00001.1.el7sso
  • H
Improper Access Control

<0:4.8.15-1.Final_redhat_00001.1.el7sso
  • H
Use of Hard-coded

<0:4.8.15-1.Final_redhat_00001.1.el7sso
  • H
Information Exposure

<0:15.0.4-1.redhat_00003.1.el7sso
  • L
Cross-site Scripting (XSS)

<0:9.0.12-1.redhat_00001.1.el7sso
  • L
Authentication Bypass

<0:9.0.12-1.redhat_00001.1.el7sso
  • H
Incorrect Authorization

<0:15.0.2-3.redhat_00002.1.el7sso
  • H
Information Exposure

<0:15.0.4-1.redhat_00001.1.el7sso
  • H
Improper Authentication

<0:15.0.4-1.redhat_00001.1.el7sso
  • M
Insufficient Session Expiration

<0:9.0.13-1.redhat_00006.1.el7sso
  • M
Improper Authentication

<0:9.0.13-1.redhat_00006.1.el7sso
  • M
Allocation of Resources Without Limits or Throttling

<0:9.0.15-1.redhat_00002.1.el7sso
  • M
Improper Authentication

<0:9.0.15-1.redhat_00002.1.el7sso
  • M
Insufficiently Protected Credentials

<0:9.0.15-1.redhat_00002.1.el7sso
  • M
Improper Input Validation

<0:9.0.15-1.redhat_00002.1.el7sso
  • M
Resource Exhaustion

<0:9.0.15-1.redhat_00002.1.el7sso
  • H
Improperly Implemented Security Check for Standard

<0:9.0.5-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:9.0.5-1.redhat_00001.1.el7sso
  • M
Server-Side Request Forgery (SSRF)

<0:9.0.11-1.redhat_00001.1.el7sso
  • M
Cross-site Scripting (XSS)

<0:15.0.8-1.redhat_00001.1.el7sso
  • H
Improper Validation of Certificate with Host Mismatch

<0:4.8.20-1.Final_redhat_00001.1.el7sso
  • H
Insufficient Session Expiration

<0:4.8.20-1.Final_redhat_00001.1.el7sso
  • H
Improper Authentication

<0:4.8.20-1.Final_redhat_00001.1.el7sso
  • M
Authorization Bypass Through User-Controlled Key

<0:15.0.6-1.redhat_00002.1.el7sso
  • H
Improper Handling of Exceptional Conditions

<0:4.8.18-1.Final_redhat_00001.1.el7sso
  • L
Execution with Unnecessary Privileges

<0:9.0.10-1.redhat_00001.1.el7sso
  • M
Use of Password Hash With Insufficient Computational Effort

<0:9.0.9-1.redhat_00001.1.el7sso
  • M
Cross-site Scripting (XSS)

<0:9.0.9-1.redhat_00001.1.el7sso
  • M
Improper Access Control

<0:2.5.5-2.Final_redhat_1.1.jbcs.el7
  • L
Information Exposure

*
  • H
Directory Traversal

<0:18.0.0-2.redhat_00001.1.el7sso
  • M
Missing Authentication for Critical Function

*
  • L
Cross-site Request Forgery (CSRF)

*
  • H
Incorrect Implementation of Authentication Algorithm

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Improper Input Validation

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Server-Side Request Forgery (SSRF)

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Improper Input Validation

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Deserialization of Untrusted Data

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
CVE-2022-2764

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.6-1.redhat_00001.1.el7sso
  • L
Covert Timing Channel

*
  • M
Client-Side Enforcement of Server-Side Security

*
  • M
Expected Behavior Violation

<0:15.0.8-1.redhat_00001.1.el7sso
  • M
Resource Exhaustion

<0:18.0.3-1.redhat_00001.1.el7sso
  • M
Unchecked Return Value

<0:18.0.3-1.redhat_00001.1.el7sso
  • M
Incorrect Authorization

<0:15.0.8-1.redhat_00001.1.el7sso
  • M
Memory Leak

<0:18.0.3-1.redhat_00001.1.el7sso
  • M
Cross-site Scripting (XSS)

<0:15.0.8-1.redhat_00001.1.el7sso
  • M
Allocation of Resources Without Limits or Throttling

<0:15.0.8-1.redhat_00001.1.el7sso
  • M
Improper Input Validation

<0:18.0.3-1.redhat_00001.1.el7sso
  • M
Deserialization of Untrusted Data

<0:15.0.8-1.redhat_00001.1.el7sso
  • H
Improper Enforcement of Behavioral Workflow

<0:18.0.11-2.redhat_00001.1.el7sso
  • H
Session Fixation

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Directory Traversal

<0:18.0.3-1.redhat_00002.1.el7sso
  • M
Information Exposure

<0:18.0.7-1.redhat_00001.1.el7sso
  • L
Improper Input Validation

*
  • M
Improper Authentication

*
  • M
Uncontrolled Recursion

<0:18.0.7-1.redhat_00001.1.el7sso
  • M
HTTP Request Smuggling

<0:15.0.8-1.redhat_00001.1.el7sso
  • M
Creation of Temporary File With Insecure Permissions

<0:18.0.7-1.redhat_00001.1.el7sso
  • M
Improper Certificate Validation

<0:18.0.7-1.redhat_00001.1.el7sso
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Out-of-bounds Write

<0:18.0.6-1.redhat_00001.1.el7sso
  • M
Out-of-bounds Write

<0:18.0.7-1.redhat_00001.1.el7sso
  • H
Improper Input Validation

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Incorrect Regular Expression

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Stack-based Buffer Overflow

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Deserialization of Untrusted Data

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Deserialization of Untrusted Data

<0:18.0.6-1.redhat_00001.1.el7sso
  • M
Out-of-bounds Write

<0:18.0.7-1.redhat_00001.1.el7sso
  • H
Out-of-bounds Write

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Out-of-bounds Write

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Out-of-bounds Write

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Directory Traversal

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:18.0.6-1.redhat_00001.1.el7sso
  • M
Resource Exhaustion

<0:15.0.8-1.redhat_00001.1.el7sso
  • H
Deserialization of Untrusted Data

<0:15.0.4-1.redhat_00003.1.el7sso
  • H
SQL Injection

<0:15.0.4-1.redhat_00003.1.el7sso
  • H
Deserialization of Untrusted Data

<0:15.0.4-1.redhat_00003.1.el7sso
  • L
Improper Input Validation

<0:15.0.6-1.redhat_00001.1.el7sso
  • H
Improper Input Validation

<0:15.0.4-1.redhat_00003.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Cross-site Scripting (XSS)

<0:18.0.6-1.redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:4.8.15-1.Final_redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:4.8.15-1.Final_redhat_00001.1.el7sso
  • H
Resource Exhaustion

<0:4.8.15-1.Final_redhat_00001.1.el7sso
  • L
Improper Input Validation

*
  • H
Deserialization of Untrusted Data

<0:4.8.13-1.Final_redhat_00001.1.el7sso
  • H
Deserialization of Untrusted Data

<0:4.8.13-1.Final_redhat_00001.1.el7sso
  • H
Information Exposure

<0:15.0.4-1.redhat_00001.1.el7sso
  • H
Deserialization of Untrusted Data

<0:4.8.13-1.Final_redhat_00001.1.el7sso