Redhat

Single Sign-on

103 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.1

CVE-2023-2422

  • EPSS 0.22%
  • Published 04.10.2023 11:15:10
  • Last modified 21.11.2024 07:58:35

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other c...

7.5

CVE-2023-3223

  • EPSS 0.88%
  • Published 27.09.2023 15:18:56
  • Last modified 21.11.2024 08:16:44

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshol...

6.1

CVE-2022-4137

  • EPSS 0.39%
  • Published 25.09.2023 20:15:09
  • Last modified 21.11.2024 07:34:38

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or adm...

9.8

CVE-2022-4039

  • EPSS 0.12%
  • Published 22.09.2023 15:15:09
  • Last modified 21.11.2024 07:34:29

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentia...

6.8

CVE-2022-3916

  • EPSS 0.23%
  • Published 20.09.2023 15:15:11
  • Last modified 21.11.2024 07:20:31

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user auth...

7.5

CVE-2023-1108

  • EPSS 2.56%
  • Published 14.09.2023 15:15:08
  • Last modified 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

5

CVE-2023-0264

  • EPSS 3.94%
  • Published 04.08.2023 18:15:11
  • Last modified 21.11.2024 07:36:51

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the vic...

6.1

CVE-2022-4361

  • EPSS 0.31%
  • Published 07.07.2023 20:15:09
  • Last modified 21.11.2024 07:35:08

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServi...

6.5

CVE-2023-1664

  • EPSS 0.24%
  • Published 26.05.2023 18:15:09
  • Last modified 15.01.2025 22:15:25

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certifi...