Filtered by vendor Redhat Subscriptions
Filtered by product Red Hat Single Sign On Subscriptions
Total 207 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8883 1 Redhat 10 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 7 more 2024-12-24 6.1 Medium
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
CVE-2024-4629 1 Redhat 12 Build Keycloak, Build Of Keycloak, Enterprise Linux and 9 more 2024-12-24 6.5 Medium
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
CVE-2024-4109 1 Redhat 10 Build Keycloak, Camel Spring Boot, Integration and 7 more 2024-12-24 7.5 High
A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.
CVE-2024-3656 1 Redhat 3 Build Keycloak, Jboss Enterprise Application Platform, Red Hat Single Sign On 2024-12-23 8.1 High
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
CVE-2024-1249 1 Redhat 15 Amq Broker, Amq Streams, Build Keycloak and 12 more 2024-12-23 7.4 High
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
CVE-2023-6717 1 Redhat 15 Amq Broker, Build Keycloak, Jboss Data Grid and 12 more 2024-12-23 6 Medium
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
CVE-2023-44487 32 Akka, Amazon, Apache and 29 more 364 Http Server, Opensearch Data Prepper, Apisix and 361 more 2024-12-20 7.5 High
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2024-1132 1 Redhat 13 Amq Broker, Build Keycloak, Jboss Data Grid and 10 more 2024-12-20 8.1 High
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
CVE-2024-10234 1 Redhat 7 Build Keycloak, Build Of Keycloak, Jboss Data Grid and 4 more 2024-12-19 6.1 Medium
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.
CVE-2024-10492 1 Redhat 4 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp and 1 more 2024-12-18 N/A
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.
CVE-2023-6291 1 Redhat 18 Build Keycloak, Enterprise Linux, Jboss Data Grid and 15 more 2024-12-13 7.1 High
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
CVE-2024-8698 1 Redhat 4 Build Keycloak, Jboss Enterprise Application Platform, Red Hat Single Sign On and 1 more 2024-12-13 7.7 High
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
CVE-2024-7885 1 Redhat 19 Apache Camel Spring Boot, Build Keycloak, Build Of Apache Camel - Hawtio and 16 more 2024-12-13 7.5 High
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
CVE-2024-10270 1 Redhat 4 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp and 1 more 2024-12-06 6.5 Medium
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
CVE-2023-6484 1 Redhat 3 Build Keycloak, Red Hat Single Sign On, Rhosemc 2024-12-06 5.3 Medium
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
CVE-2023-33201 2 Bouncycastle, Redhat 10 Bc-java, Amq Broker, Amq Streams and 7 more 2024-12-04 5.3 Medium
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
CVE-2023-5379 1 Redhat 10 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Bpms Platform and 7 more 2024-12-02 7.5 High
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
CVE-2024-6162 1 Redhat 11 Apache Camel Spring Boot, Build Keycloak, Camel Spring Boot and 8 more 2024-11-29 7.5 High
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.
CVE-2024-10451 1 Redhat 3 Build Keycloak, Jboss Enterprise Application Platform, Red Hat Single Sign On 2024-11-27 5.9 Medium
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2.
CVE-2023-5685 1 Redhat 12 Apache-camel-spring-boot, Build Keycloak, Camel Spring Boot and 9 more 2024-11-26 7.5 High
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).