Known vulnerabilities in the org.keycloak:keycloak-services package. This does not include vulnerabilities belonging to this package’s dependencies.
| Vulnerability | Vulnerable Version |
|---|---|
| org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT Authorization Grant flow due to algorithm confusion in signature verification. An attacker can gain unauthorized access and potentially escalate privileges by forging assertions and creating unauthorized access tokens. How to fix Improper Verification of Cryptographic Signature? A fix was pushed into the | [0,) |
| org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the How to fix Incorrect Authorization? A fix was pushed into the | [0,) |
| org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Validation of Consistency within Input via the authentication process when a client is configured with a wildcard redirect URI. An attacker can cause the client application to incorrectly process attacker-controlled OIDC response parameters by crafting a malicious authorization URL and tricking a user into clicking it. How to fix Improper Validation of Consistency within Input? A fix was pushed into the | [0,) |
| org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the How to fix Improper Verification of Cryptographic Signature? There is no fixed version for | [0,) |
| org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the role rename endpoint. An attacker can gain unauthorized administrative privileges by exploiting a timing window between permission checks and their enforcement. The attacker can escalate their access to realm-wide administrative control, even after their original permissions are revoked and across system reboots. How to fix Time-of-check Time-of-use (TOCTOU) Race Condition? A fix was pushed into the | [0,) |