org.keycloak:keycloak-services@23.0.0 vulnerabilities
-
latest version
24.0.3
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
a month ago
-
licenses detected
- [1.0-alpha-1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.keycloak:keycloak-services package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Path Traversal due to improper URL validation in the redirection process. An attacker can construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain. Note: This flaw is particularly concerning for any client that utilizes a wildcard in the Valid Redirect URIs field. How to fix Path Traversal? Upgrade |
[21.1.0,24.0.3)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Input Validation due to improper handling of error messages during the How to fix Improper Input Validation? Upgrade |
[,23.0.5)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Origin Validation Error due to the How to fix Origin Validation Error? Upgrade |
[,24.0.3)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass due to improper enforcement of token types when validating signatures locally. An authenticated attacker could exchange a logout token for an access token and possibly gain access to data outside of enforced permissions. How to fix Authentication Bypass? Upgrade |
[,24.0.3)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Open Redirect due to an issue in the How to fix Open Redirect? Upgrade |
[,24.0.3)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to including JavaScript URIs in the SAML Assertion Consumer Service POST Binding URL (ACS). An attacker can execute arbitrary scripts in the context of the embedding origin on form submission. How to fix Cross-site Scripting (XSS)? Upgrade |
[,24.0.3)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client. A unauthorized user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with How to fix Authorization Bypass Through User-Controlled Key? Upgrade |
[,24.0.3)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the form of not sufficiently enforcing the second factor in multifactor authentication. A user can register a second factor for a known account, allowing step-up authentication. How to fix Missing Critical Step in Authentication? Upgrade |
[,24.0.3)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Open Redirect due to improper validation of redirect URIs using the How to fix Open Redirect? Upgrade |
[,23.0.4)
|
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to LDAP Injection through the How to fix LDAP Injection? Upgrade |
[,23.0.1)
|