org.keycloak:keycloak-services 26.4.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-services package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Missing Critical Step in Authentication org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the WebAuthn Attestation Statement verification. An attacker can influence policy enforcement by manipulating the registration flow or using a rogue authenticator under user control. How to fix Missing Critical Step in Authentication? There is no fixed version for `org.keycloak:keycloak-services`.	[0,)
M Exposure of Sensitive System Information to an Unauthorized Control Sphere org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the `/admin/serverinfo` endpoint, which exposes internal server details, when an authenticated user logs into the system or accesses the admin console. Note: Direct access to this endpoint returns a 401 Unauthorized error. How to fix Exposure of Sensitive System Information to an Unauthorized Control Sphere? There is no fixed version for `org.keycloak:keycloak-services`.	[0,)

Vulnerability

Vulnerable Version

Missing Critical Step in Authentication

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the WebAuthn Attestation Statement verification. An attacker can influence policy enforcement by manipulating the registration flow or using a rogue authenticator under user control.

How to fix Missing Critical Step in Authentication?

There is no fixed version for org.keycloak:keycloak-services.

[0,)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the /admin/serverinfo endpoint, which exposes internal server details, when an authenticated user logs into the system or accesses the admin console.

Note: Direct access to this endpoint returns a 401 Unauthorized error.

How to fix Exposure of Sensitive System Information to an Unauthorized Control Sphere?

There is no fixed version for org.keycloak:keycloak-services.

[0,)

org.keycloak:keycloak-services@26.4.2 vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically