org.keycloak:keycloak-model-infinispan 2.5.1.Final vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-model-infinispan package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Access Restriction Bypass org.keycloak:keycloak-model-infinispan is a part of the `keycloak` project. Affected versions of this package are vulnerable to Access Restriction Bypass in the authorization behavior of `infinispan/UserCacheSession.java` and `jpa/JpaUserProvider.java`. An attacker with knowledge of a user ID can use this flaw to access unauthorized information or to carry out further attacks. How to fix Access Restriction Bypass? Upgrade `org.keycloak:keycloak-model-infinispan` to version 7.0.1 or higher.	[,7.0.1)
M Denial of Service (DoS) org.keycloak:keycloak-model-infinispan is a part of the `keycloak` project. Affected versions of this package are vulnerable to Denial of Service (DoS). A flaw was found in keycloak-model-infinispan where `authenticationSessions` map in `RootAuthenticationSessionEntity` grows boundlessly which could lead to a DoS attack. How to fix Denial of Service (DoS)? Upgrade `org.keycloak:keycloak-model-infinispan` to version 14.0.0 or higher.	[,14.0.0)
M Denial of Service (DoS) org.keycloak:keycloak-model-infinispan is a part of the `keycloak` project. Affected versions of this package are vulnerable to Denial of Service (DoS). A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server. How to fix Denial of Service (DoS)? Upgrade `org.keycloak:keycloak-model-infinispan` to version 4.0.0.Final or higher.	[,4.0.0.Final)

Vulnerability

Vulnerable Version

Access Restriction Bypass

org.keycloak:keycloak-model-infinispan is a part of the keycloak project.

Affected versions of this package are vulnerable to Access Restriction Bypass in the authorization behavior of infinispan/UserCacheSession.java and jpa/JpaUserProvider.java. An attacker with knowledge of a user ID can use this flaw to access unauthorized information or to carry out further attacks.

How to fix Access Restriction Bypass?

Upgrade org.keycloak:keycloak-model-infinispan to version 7.0.1 or higher.

[,7.0.1)

Denial of Service (DoS)

org.keycloak:keycloak-model-infinispan is a part of the keycloak project.

Affected versions of this package are vulnerable to Denial of Service (DoS). A flaw was found in keycloak-model-infinispan where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.

How to fix Denial of Service (DoS)?

Upgrade org.keycloak:keycloak-model-infinispan to version 14.0.0 or higher.

[,14.0.0)

Denial of Service (DoS)

org.keycloak:keycloak-model-infinispan is a part of the keycloak project.

Affected versions of this package are vulnerable to Denial of Service (DoS). A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

How to fix Denial of Service (DoS)?

Upgrade org.keycloak:keycloak-model-infinispan to version 4.0.0.Final or higher.

[,4.0.0.Final)

org.keycloak:keycloak-model-infinispan@2.5.1.Final vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?