org.keycloak:keycloak-saml-core@12.0.3 vulnerabilities
-
latest version
26.0.4
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
24 days ago
-
licenses detected
- [1.1.0.Beta1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.keycloak:keycloak-saml-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the flawed SAML signature validation method in the How to fix Improper Verification of Cryptographic Signature? Upgrade |
[,22.0.13)
[23.0.0,24.0.8)
[25.0.0,25.0.6)
|
org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature improper validation logic in the signature validation method, which relies on the position of signatures rather than explicitly checking the referenced elements. An attacker can escalate privileges or impersonate another user by crafting responses that bypass the signature validation. This facilitates unauthorized access to high-privileged accounts in SAML-based identity providers and service providers. How to fix Improper Verification of Cryptographic Signature? Upgrade |
[,22.0.13)
[23.0.0,24.0.8)
[25.0.0,25.0.6)
|
org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Arbitrary Code Execution. It allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled. An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. How to fix Arbitrary Code Execution? Upgrade |
[,19.0.2)
|