Homepage
About Snyk

org.keycloak:keycloak-core@24.0.4 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Use of a Key Past its Expiration Date

org.keycloak:keycloak-core is an open source identity and access management solution.

Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the extended validation period of OTP codes. An attacker can gain unauthorized access by using expired OTP codes that should no longer be valid.

How to fix Use of a Key Past its Expiration Date?

Upgrade org.keycloak:keycloak-core to version 24.0.7, 25.0.4 or higher.

[,24.0.7) [25.0.0,25.0.4)
  • M
Unprotected Transport of Credentials

org.keycloak:keycloak-core is an open source identity and access management solution.

Affected versions of this package are vulnerable to Unprotected Transport of Credentials for the LDAP testing endpoint, which allows the modification of the Connection URL without entering the LDAP bind credentials. An attacker with manage-realm permission can redirect the LDAP host to an arbitrary URL.

How to fix Unprotected Transport of Credentials?

Upgrade org.keycloak:keycloak-core to version 24.0.6, 25.0.1 or higher.

[,24.0.6) [25.0.0,25.0.1)
Go back to all versions of this package