org.keycloak:keycloak-saml-core@23.0.1 vulnerabilities

latest version

26.0.4
latest non vulnerable version

26.0.4
first published

10 years ago
latest version published

24 days ago
licenses detected
- Apache-2.0
  [1.1.0.Beta1,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-saml-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper Verification of Cryptographic Signature org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the flawed SAML signature validation method in the `XMLSignatureUtil` class. An attacker can escalate privileges or impersonate another user by crafting responses that bypass the validation process. How to fix Improper Verification of Cryptographic Signature? Upgrade `org.keycloak:keycloak-saml-core` to version 22.0.13, 24.0.8, 25.0.6 or higher.	[,22.0.13) [23.0.0,24.0.8) [25.0.0,25.0.6)
M Improper Verification of Cryptographic Signature org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature improper validation logic in the signature validation method, which relies on the position of signatures rather than explicitly checking the referenced elements. An attacker can escalate privileges or impersonate another user by crafting responses that bypass the signature validation. This facilitates unauthorized access to high-privileged accounts in SAML-based identity providers and service providers. How to fix Improper Verification of Cryptographic Signature? Upgrade `org.keycloak:keycloak-saml-core` to version 22.0.13, 24.0.8, 25.0.6 or higher.	[,22.0.13) [23.0.0,24.0.8) [25.0.0,25.0.6)

Improper Verification of Cryptographic Signature

org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the flawed SAML signature validation method in the XMLSignatureUtil class. An attacker can escalate privileges or impersonate another user by crafting responses that bypass the validation process.

How to fix Improper Verification of Cryptographic Signature?

Upgrade org.keycloak:keycloak-saml-core to version 22.0.13, 24.0.8, 25.0.6 or higher.

[,22.0.13) [23.0.0,24.0.8) [25.0.0,25.0.6)

Improper Verification of Cryptographic Signature

org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature improper validation logic in the signature validation method, which relies on the position of signatures rather than explicitly checking the referenced elements. An attacker can escalate privileges or impersonate another user by crafting responses that bypass the signature validation. This facilitates unauthorized access to high-privileged accounts in SAML-based identity providers and service providers.

How to fix Improper Verification of Cryptographic Signature?

Upgrade org.keycloak:keycloak-saml-core to version 22.0.13, 24.0.8, 25.0.6 or higher.

[,22.0.13) [23.0.0,24.0.8) [25.0.0,25.0.6)

Go back to all versions of this package

org.keycloak:keycloak-saml-core@23.0.1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities