CVE-2024-1132
- EPSS 0.24%
- Published 17.04.2024 14:15:07
- Last modified 30.06.2025 13:58:57
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain ...
CVE-2023-1664
- EPSS 0.24%
- Published 26.05.2023 18:15:09
- Last modified 15.01.2025 22:15:25
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certifi...
CVE-2022-4492
- EPSS 0.12%
- Published 23.02.2023 20:15:12
- Last modified 12.03.2025 15:15:38
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol...