org.keycloak:keycloak-saml-wildfly-elytron-adapter@12.0.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-saml-wildfly-elytron-adapter package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability / Vulnerable versions

  • Severity: High
Session Fixation

Affected versions of this package are vulnerable to Session Fixation because the session ID and the JSESSIONID cookie are not replaced during the login process. An attacker who knows or plants the victim's session ID before authentication keeps a valid, authenticated session once the victim logs in.

How to fix Session Fixation?

Upgrade org.keycloak:keycloak-saml-wildfly-elytron-adapter to version 22.0.12, 24.0.7, 25.0.5 or higher.

Vulnerable versions: [,22.0.12) [24.0.0,24.0.7) [25.0.0,25.0.5)
  • Severity: High
Session Fixation

Affected versions of this package are vulnerable to Session Fixation via the session IDs and JSESSIONID cookies used during the login process. An attacker who obtains or plants the session ID before authentication retains control of that session after the victim authenticates.

How to fix Session Fixation?

A fix has been pushed to the master branch but has not yet been published; no fixed release is available for this entry.

Vulnerable versions: [0,) (all published versions)
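The mechanics behind both entries above, as an added example that is not code from Keycloak or its adapters: a toy in-memory session store stands in for the servlet container, login_vulnerable keeps the pre-authentication JSESSIONID across login while login_fixed rotates it (the effect of HttpServletRequest.changeSessionId() in a Servlet 3.1+ container), run_fixation_attack plays the attacker, and session_id_rotated is the black-box check to run against a deployed SP by comparing the Set-Cookie headers from the first unauthenticated response and from the response that completes the SAML login. All class and function names are hypothetical, and the cookie header samples are constructed.

```python
"""Session fixation on a SAML service-provider login, and a check for it.

Added illustration with a toy session store standing in for the servlet
container; not code from the Keycloak adapters. All names are hypothetical.
"""
import secrets
from http.cookies import SimpleCookie
from typing import Callable, Dict, Optional


class Session:
    def __init__(self, sid: str) -> None:
        self.sid = sid
        self.principal: Optional[str] = None  # set once the SAML assertion is accepted


class SessionStore:
    """Server-side session table keyed by the JSESSIONID cookie value."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}

    def get_or_create(self, cookie_sid: Optional[str]) -> Session:
        # Like a servlet container: a missing or unknown cookie yields a fresh session.
        if cookie_sid is None or cookie_sid not in self.sessions:
            sid = secrets.token_hex(16)
            self.sessions[sid] = Session(sid)
            return self.sessions[sid]
        return self.sessions[cookie_sid]

    def rotate(self, session: Session) -> Session:
        # Same server-side state under a fresh id: what
        # HttpServletRequest.changeSessionId() does in a Servlet 3.1+ container.
        del self.sessions[session.sid]
        session.sid = secrets.token_hex(16)
        self.sessions[session.sid] = session
        return session


def login_vulnerable(store: SessionStore, cookie_sid: Optional[str], principal: str) -> str:
    """Accepts the SAML response but keeps whatever session id the browser sent."""
    session = store.get_or_create(cookie_sid)
    session.principal = principal
    return session.sid  # Set-Cookie: JSESSIONID=<unchanged>


def login_fixed(store: SessionStore, cookie_sid: Optional[str], principal: str) -> str:
    """Rotates the session id before marking the session authenticated."""
    session = store.rotate(store.get_or_create(cookie_sid))
    session.principal = principal
    return session.sid  # Set-Cookie: JSESSIONID=<new value>


LoginFn = Callable[[SessionStore, Optional[str], str], str]


def run_fixation_attack(login: LoginFn) -> Optional[str]:
    """Returns the principal the attacker ends up holding, or None if the attack fails."""
    store = SessionStore()
    # 1. Attacker visits the SP unauthenticated and receives a session id.
    planted = store.get_or_create(None).sid
    # 2. Attacker gets that id into the victim's browser (assumed here; how the
    #    cookie is planted is outside this illustration).
    # 3. Victim logs in through the IdP while carrying the planted cookie.
    login(store, planted, "alice")
    # 4. Attacker replays the planted id and checks whom the SP thinks they are.
    hijacked = store.sessions.get(planted)
    return hijacked.principal if hijacked else None


def jsessionid(set_cookie_header: str) -> Optional[str]:
    """Extracts the JSESSIONID value from one Set-Cookie header line."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = jar.get("JSESSIONID")
    return morsel.value if morsel else None


def session_id_rotated(pre_auth_set_cookie: str, post_auth_set_cookie: str) -> bool:
    """Black-box check: the id must be present in both responses and differ.
    An SP that sends no new cookie on the login response has not rotated it."""
    before = jsessionid(pre_auth_set_cookie)
    after = jsessionid(post_auth_set_cookie)
    return before is not None and after is not None and before != after


if __name__ == "__main__":
    print("vulnerable login hands the attacker:", run_fixation_attack(login_vulnerable))  # alice
    print("fixed login hands the attacker:", run_fixation_attack(login_fixed))  # None
    # Constructed header samples, not captured from a real deployment.
    print(session_id_rotated("JSESSIONID=a1b2; Path=/app; HttpOnly",
                             "JSESSIONID=c3d4; Path=/app; HttpOnly"))  # True
```

Only the Set-Cookie comparison transfers directly to a real deployment: capture the header on the first visit to a protected resource and again on the response that finishes the SAML login. In the adapters themselves the corresponding behaviour is governed by the keycloak-saml.xml SP attribute turnOffChangeSessionIdOnLogin, which should stay at its default of false even on a fixed version.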