CVE-2023-6563
- EPSS 0.3%
- Published 14.12.2023 18:15:45
- Last modified 21.11.2024 08:44:06
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more u...
CVE-2023-3223
- EPSS 0.88%
- Published 27.09.2023 15:18:56
- Last modified 21.11.2024 08:16:44
A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshol...
- EPSS 3.94%
- Published 04.08.2023 18:15:11
- Last modified 21.11.2024 07:36:51
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the vic...
CVE-2022-4361
- EPSS 0.31%
- Published 07.07.2023 20:15:09
- Last modified 21.11.2024 07:35:08
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServi...
CVE-2023-0056
- EPSS 0.15%
- Published 23.03.2023 21:15:19
- Last modified 25.02.2025 20:15:31
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impac...