pkg:maven/org.keycloak/keycloak-parent

Type maven
Namespace org.keycloak
Name keycloak-parent

Known advisories, vulnerabilities and fixes for org.keycloak/keycloak-parent package.

Repository
https://mvnrepository.com/artifact/org.keycloak/keycloak-parent
Critical 2
High 11
Moderate 12
Low 1

| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | >= 9.0.0, < 12.0.3 | maven | CVE-2021-20222 | MAVEN:GHSA-2MQ8-99Q7-55WX | Code injection in keycloak | high | 2021-05-13T22:29:51 (3 years ago) |
| Fixed | = 12.0.3 | maven | CVE-2021-20222 | MAVEN:GHSA-2MQ8-99Q7-55WX | Code injection in keycloak | high | 2021-05-13T22:29:51 (3 years ago) |
| Affected | <= 23.0.3 | maven | CVE-2023-6927 | MAVEN:GHSA-3P75-Q5CC-QMJ7 | Keycloak Open Redirect vulnerability | moderate | 2023-12-19T00:30:21 (9 months ago) |
| Affected | = 4.3.0.Final; >= 4.0.0.Beta1, <= 4.0.0.Beta2; <= 3.4.3.Final | maven | CVE-2018-14655 | MAVEN:GHSA-458H-WV48-FQ75 | Keycloak vulnerable to cross-site scripting via the state parameter | moderate | 2022-05-13T01:34:29 (2 years ago) |
| Affected | < 12.0.0 | maven | CVE-2020-10776 | MAVEN:GHSA-484Q-784P-8M5H | Cross-site Scripting in keycloak | moderate | 2022-02-09T00:58:15 (2 years ago) |
| Fixed | = 12.0.0 | maven | CVE-2020-10776 | MAVEN:GHSA-484Q-784P-8M5H | Cross-site Scripting in keycloak | moderate | 2022-02-09T00:58:15 (2 years ago) |
| Affected | < 11.0.1 | maven | CVE-2020-10758 | MAVEN:GHSA-52RG-HPWQ-QP56 | Allocation of Resources Without Limits or Throttling in Keycloak | high | 2022-02-09T00:56:51 (2 years ago) |
| Fixed | = 11.0.1 | maven | CVE-2020-10758 | MAVEN:GHSA-52RG-HPWQ-QP56 | Allocation of Resources Without Limits or Throttling in Keycloak | high | 2022-02-09T00:56:51 (2 years ago) |
| Affected | < 10.0.0 | maven | CVE-2020-1694 | MAVEN:GHSA-72J4-94RX-CR6W | Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak | moderate | 2022-02-09T00:57:02 (2 years ago) |
| Fixed | = 10.0.0 | maven | CVE-2020-1694 | MAVEN:GHSA-72J4-94RX-CR6W | Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak | moderate | 2022-02-09T00:57:02 (2 years ago) |
| Affected | < 3.4.0 | maven | CVE-2017-12159 | MAVEN:GHSA-7FMW-85QM-H22P | Keycloak CSRF Vulnerability | high | 2022-05-13T01:38:14 (2 years ago) |
| Fixed | = 3.4.0 | maven | CVE-2017-12159 | MAVEN:GHSA-7FMW-85QM-H22P | Keycloak CSRF Vulnerability | high | 2022-05-13T01:38:14 (2 years ago) |
| Affected | < 4.6.0.Final | maven | CVE-2018-14657 | MAVEN:GHSA-85V8-VX4W-Q684 | Keycloak Improper Bruteforce Detection | high | 2022-05-13T01:12:25 (2 years ago) |
| Fixed | = 4.6.0.Final | maven | CVE-2018-14657 | MAVEN:GHSA-85V8-VX4W-Q684 | Keycloak Improper Bruteforce Detection | high | 2022-05-13T01:12:25 (2 years ago) |
| Affected | <= 19.0.2 | maven | CVE-2022-3916 | MAVEN:GHSA-97G8-XFVW-Q4HG | Keycloak vulnerable to session takeover with OIDC offline refreshtokens | moderate | 2022-12-13T19:44:33 (21 months ago) |
| Fixed | = 20.0.2 | maven | CVE-2022-3916 | MAVEN:GHSA-97G8-XFVW-Q4HG | Keycloak vulnerable to session takeover with OIDC offline refreshtokens | moderate | 2022-12-13T19:44:33 (21 months ago) |
| Affected | < 20.0.5 | maven | CVE-2022-4137 | MAVEN:GHSA-9HHC-PJ4W-W5RV | Keycloak Cross-site Scripting on OpenID connect login service | high | 2023-03-01T17:38:56 (18 months ago) |
| Fixed | = 20.0.5 | maven | CVE-2022-4137 | MAVEN:GHSA-9HHC-PJ4W-W5RV | Keycloak Cross-site Scripting on OpenID connect login service | high | 2023-03-01T17:38:56 (18 months ago) |
| Affected | < 10.0.0 | maven | CVE-2020-1758 | MAVEN:GHSA-C597-F74M-JGC2 | Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak | moderate | 2022-02-09T00:56:26 (2 years ago) |
| Fixed | = 10.0.0 | maven | CVE-2020-1758 | MAVEN:GHSA-C597-F74M-JGC2 | Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak | moderate | 2022-02-09T00:56:26 (2 years ago) |
| Affected | < 14.0.0 | maven | CVE-2021-3461 | MAVEN:GHSA-CM29-6WX7-P874 | Keycloak insufficient session expiration | high | 2022-04-03T00:01:01 (2 years ago) |
| Fixed | = 14.0.0 | maven | CVE-2021-3461 | MAVEN:GHSA-CM29-6WX7-P874 | Keycloak insufficient session expiration | high | 2022-04-03T00:01:01 (2 years ago) |
| Affected | < 12.0.0 | maven | CVE-2020-14366 | MAVEN:GHSA-CP67-8W3W-6H9C | Path Traversal | high | 2022-02-09T00:58:03 (2 years ago) |
| Fixed | = 12.0.0 | maven | CVE-2020-14366 | MAVEN:GHSA-CP67-8W3W-6H9C | Path Traversal | high | 2022-02-09T00:58:03 (2 years ago) |
| Affected | >= 7.0.0, <= 7.0.1 | maven | CVE-2019-14909 | MAVEN:GHSA-FV4Q-WM8C-WJG4 | Keycloak Authentication Error | high | 2022-05-24T17:02:40 (2 years ago) |
| Affected | <= 20.0.0 | maven | CVE-2022-3782 | MAVEN:GHSA-G8Q8-FGGX-9R3Q | Keycloak vulnerable to path traversal via double URL encoding | critical | 2022-12-13T19:44:56 (21 months ago) |
| Fixed | = 20.0.2 | maven | CVE-2022-3782 | MAVEN:GHSA-G8Q8-FGGX-9R3Q | Keycloak vulnerable to path traversal via double URL encoding | critical | 2022-12-13T19:44:56 (21 months ago) |
| Affected | <= 10.0.1 | maven | CVE-2020-10748 | MAVEN:GHSA-HGPG-593R-HHVP | Cross-site Scripting in Keycloak | moderate | 2022-02-09T00:56:37 (2 years ago) |
| Fixed | = 10.0.2 | maven | CVE-2020-10748 | MAVEN:GHSA-HGPG-593R-HHVP | Cross-site Scripting in Keycloak | moderate | 2022-02-09T00:56:37 (2 years ago) |
| Affected | < 8.0.0 | maven | CVE-2020-1718 | MAVEN:GHSA-J229-2H63-RVH9 | Improper Authentication for Keycloak | moderate | 2022-02-09T00:59:32 (2 years ago) |
| Fixed | = 8.0.0 | maven | CVE-2020-1718 | MAVEN:GHSA-J229-2H63-RVH9 | Improper Authentication for Keycloak | moderate | 2022-02-09T00:59:32 (2 years ago) |
| Affected | >= 7.0.0, <= 7.0.1 | maven | CVE-2019-14910 | MAVEN:GHSA-JF86-9434-F8C2 | Keycloak Authentication Error | critical | 2022-05-24T17:02:42 (2 years ago) |
| Affected | >= 10.0.0, < 18.0.0 | maven | | MAVEN:GHSA-M98G-63QJ-FP8J | Reflected XSS on clients-registrations endpoint | moderate | 2022-04-28T21:01:28 (2 years ago) |
| Fixed | = 18.0.0 | maven | | MAVEN:GHSA-M98G-63QJ-FP8J | Reflected XSS on clients-registrations endpoint | moderate | 2022-04-28T21:01:28 (2 years ago) |
| Affected | < 13.0.0 | maven | CVE-2020-1725 | MAVEN:GHSA-P225-PC2X-4JPM | Incorrect Authorization in keycloak | moderate | 2022-02-09T00:58:52 (2 years ago) |
| Fixed | = 13.0.0 | maven | CVE-2020-1725 | MAVEN:GHSA-P225-PC2X-4JPM | Incorrect Authorization in keycloak | moderate | 2022-02-09T00:58:52 (2 years ago) |
| Affected | < 3.3.0.Final | maven | CVE-2017-12160 | MAVEN:GHSA-QC72-GFVW-76H7 | Keycloak Oauth Implementation Error | high | 2022-05-13T01:23:16 (2 years ago) |
| Fixed | = 3.3.0.Final | maven | CVE-2017-12160 | MAVEN:GHSA-QC72-GFVW-76H7 | Keycloak Oauth Implementation Error | high | 2022-05-13T01:23:16 (2 years ago) |
| Affected | <= 7.0.1 | maven | CVE-2020-1717 | MAVEN:GHSA-RVFC-G8J5-9CCF | Generation of Error Message Containing Sensitive Information in Keycloak | low | 2022-02-09T00:59:06 (2 years ago) |
| Affected | < 3.4.0 | maven | CVE-2017-12158 | MAVEN:GHSA-V38P-MQQ3-M6V5 | Keycloak Reflected XSS | moderate | 2022-05-13T01:38:14 (2 years ago) |
| Fixed | = 3.4.0 | maven | CVE-2017-12158 | MAVEN:GHSA-V38P-MQQ3-M6V5 | Keycloak Reflected XSS | moderate | 2022-05-13T01:38:14 (2 years ago) |
| Affected | < 19.0.2 | maven | CVE-2022-2256 | MAVEN:GHSA-W9MF-83W3-FV49 | Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles | moderate | 2022-09-23T16:32:51 (2 years ago) |
| Fixed | = 19.0.2 | maven | CVE-2022-2256 | MAVEN:GHSA-W9MF-83W3-FV49 | Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles | moderate | 2022-09-23T16:32:51 (2 years ago) |
| Affected | < 19.0.2 | maven | CVE-2022-2668 | MAVEN:GHSA-WF7G-7H6H-678V | Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console | high | 2022-09-23T16:32:32 (2 years ago) |
| Fixed | = 19.0.2 | maven | CVE-2022-2668 | MAVEN:GHSA-WF7G-7H6H-678V | Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console | high | 2022-09-23T16:32:32 (2 years ago) |
| Affected | < 13.0.0 | maven | CVE-2021-3513 | MAVEN:GHSA-XV7H-95R7-595J | Incorrect implementation of lockout feature in Keycloak | high | 2022-08-23T00:00:17 (2 years ago) |
| Fixed | = 13.0.0 | maven | CVE-2021-3513 | MAVEN:GHSA-XV7H-95R7-595J | Incorrect implementation of lockout feature in Keycloak | high | 2022-08-23T00:00:17 (2 years ago) |