Homepage

org.keycloak:keycloak-services@26.1.0 vulnerabilities

  • latest version

    26.1.0

  • first published

    11 years ago

  • latest version published

    1 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.keycloak:keycloak-services package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Incorrect User Management

    org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

    Affected versions of this package are vulnerable to Incorrect User Management in oidc/OrganizationMembershipMapper.java, which relies on matching the domain of a user's email address to map them to an organization. A user can make an unauthorized token claim including association with an organization that they are not actually mapped to. If self-registration is enabled and unrestricted, this is easier to exploit.

    How to fix Incorrect User Management?

    A fix was pushed into the master branch but not yet published.

    [0,)
    Go back to all versions of this package