pkg:maven/org.keycloak/keycloak-parent
Type: maven
Namespace: org.keycloak
Name: keycloak-parent
Known advisories, vulnerabilities and fixes for org.keycloak/keycloak-parent package.
Critical: 2
High: 11
Moderate: 12
Low: 1
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 9.0.0, < 12.0.3 | | CVE-2021-20222 | MAVEN:GHSA-2MQ8-99Q7-55WX | Code injection in keycloak | high | 2021-05-13T22:29:51 (3 years ago) |
Fixed | = 12.0.3 | | CVE-2021-20222 | MAVEN:GHSA-2MQ8-99Q7-55WX | Code injection in keycloak | high | 2021-05-13T22:29:51 (3 years ago) |
Affected | <= 23.0.3 | | CVE-2023-6927 | MAVEN:GHSA-3P75-Q5CC-QMJ7 | Keycloak Open Redirect vulnerability | moderate | 2023-12-19T00:30:21 (9 months ago) |
Affected | = 4.3.0.Final; >= 4.0.0.Beta1, <= 4.0.0.Beta2; <= 3.4.3.Final | | CVE-2018-14655 | MAVEN:GHSA-458H-WV48-FQ75 | Keycloak vulnerable to cross-site scripting via the state parameter | moderate | 2022-05-13T01:34:29 (2 years ago) |
Affected | < 12.0.0 | | CVE-2020-10776 | MAVEN:GHSA-484Q-784P-8M5H | Cross-site Scripting in keycloak | moderate | 2022-02-09T00:58:15 (2 years ago) |
Fixed | = 12.0.0 | | CVE-2020-10776 | MAVEN:GHSA-484Q-784P-8M5H | Cross-site Scripting in keycloak | moderate | 2022-02-09T00:58:15 (2 years ago) |
Affected | < 11.0.1 | | CVE-2020-10758 | MAVEN:GHSA-52RG-HPWQ-QP56 | Allocation of Resources Without Limits or Throttling in Keycloak | high | 2022-02-09T00:56:51 (2 years ago) |
Fixed | = 11.0.1 | | CVE-2020-10758 | MAVEN:GHSA-52RG-HPWQ-QP56 | Allocation of Resources Without Limits or Throttling in Keycloak | high | 2022-02-09T00:56:51 (2 years ago) |
Affected | < 10.0.0 | | CVE-2020-1694 | MAVEN:GHSA-72J4-94RX-CR6W | Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak | moderate | 2022-02-09T00:57:02 (2 years ago) |
Fixed | = 10.0.0 | | CVE-2020-1694 | MAVEN:GHSA-72J4-94RX-CR6W | Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak | moderate | 2022-02-09T00:57:02 (2 years ago) |
Affected | < 3.4.0 | | CVE-2017-12159 | MAVEN:GHSA-7FMW-85QM-H22P | Keycloak CSRF Vulnerability | high | 2022-05-13T01:38:14 (2 years ago) |
Fixed | = 3.4.0 | | CVE-2017-12159 | MAVEN:GHSA-7FMW-85QM-H22P | Keycloak CSRF Vulnerability | high | 2022-05-13T01:38:14 (2 years ago) |
Affected | < 4.6.0.Final | | CVE-2018-14657 | MAVEN:GHSA-85V8-VX4W-Q684 | Keycloak Improper Bruteforce Detection | high | 2022-05-13T01:12:25 (2 years ago) |
Fixed | = 4.6.0.Final | | CVE-2018-14657 | MAVEN:GHSA-85V8-VX4W-Q684 | Keycloak Improper Bruteforce Detection | high | 2022-05-13T01:12:25 (2 years ago) |
Affected | <= 19.0.2 | | CVE-2022-3916 | MAVEN:GHSA-97G8-XFVW-Q4HG | Keycloak vulnerable to session takeover with OIDC offline refreshtokens | moderate | 2022-12-13T19:44:33 (21 months ago) |
Fixed | = 20.0.2 | | CVE-2022-3916 | MAVEN:GHSA-97G8-XFVW-Q4HG | Keycloak vulnerable to session takeover with OIDC offline refreshtokens | moderate | 2022-12-13T19:44:33 (21 months ago) |
Affected | < 20.0.5 | | CVE-2022-4137 | MAVEN:GHSA-9HHC-PJ4W-W5RV | Keycloak Cross-site Scripting on OpenID connect login service | high | 2023-03-01T17:38:56 (18 months ago) |
Fixed | = 20.0.5 | | CVE-2022-4137 | MAVEN:GHSA-9HHC-PJ4W-W5RV | Keycloak Cross-site Scripting on OpenID connect login service | high | 2023-03-01T17:38:56 (18 months ago) |
Affected | < 10.0.0 | | CVE-2020-1758 | MAVEN:GHSA-C597-F74M-JGC2 | Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak | moderate | 2022-02-09T00:56:26 (2 years ago) |
Fixed | = 10.0.0 | | CVE-2020-1758 | MAVEN:GHSA-C597-F74M-JGC2 | Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak | moderate | 2022-02-09T00:56:26 (2 years ago) |
Affected | < 14.0.0 | | CVE-2021-3461 | MAVEN:GHSA-CM29-6WX7-P874 | Keycloak insufficient session expiration | high | 2022-04-03T00:01:01 (2 years ago) |
Fixed | = 14.0.0 | | CVE-2021-3461 | MAVEN:GHSA-CM29-6WX7-P874 | Keycloak insufficient session expiration | high | 2022-04-03T00:01:01 (2 years ago) |
Affected | < 12.0.0 | | CVE-2020-14366 | MAVEN:GHSA-CP67-8W3W-6H9C | Path Traversal | high | 2022-02-09T00:58:03 (2 years ago) |
Fixed | = 12.0.0 | | CVE-2020-14366 | MAVEN:GHSA-CP67-8W3W-6H9C | Path Traversal | high | 2022-02-09T00:58:03 (2 years ago) |
Affected | >= 7.0.0, <= 7.0.1 | | CVE-2019-14909 | MAVEN:GHSA-FV4Q-WM8C-WJG4 | Keycloak Authentication Error | high | 2022-05-24T17:02:40 (2 years ago) |
Affected | <= 20.0.0 | | CVE-2022-3782 | MAVEN:GHSA-G8Q8-FGGX-9R3Q | Keycloak vulnerable to path traversal via double URL encoding | critical | 2022-12-13T19:44:56 (21 months ago) |
Fixed | = 20.0.2 | | CVE-2022-3782 | MAVEN:GHSA-G8Q8-FGGX-9R3Q | Keycloak vulnerable to path traversal via double URL encoding | critical | 2022-12-13T19:44:56 (21 months ago) |
Affected | <= 10.0.1 | | CVE-2020-10748 | MAVEN:GHSA-HGPG-593R-HHVP | Cross-site Scripting in Keycloak | moderate | 2022-02-09T00:56:37 (2 years ago) |
Fixed | = 10.0.2 | | CVE-2020-10748 | MAVEN:GHSA-HGPG-593R-HHVP | Cross-site Scripting in Keycloak | moderate | 2022-02-09T00:56:37 (2 years ago) |
Affected | < 8.0.0 | | CVE-2020-1718 | MAVEN:GHSA-J229-2H63-RVH9 | Improper Authentication for Keycloak | moderate | 2022-02-09T00:59:32 (2 years ago) |
Fixed | = 8.0.0 | | CVE-2020-1718 | MAVEN:GHSA-J229-2H63-RVH9 | Improper Authentication for Keycloak | moderate | 2022-02-09T00:59:32 (2 years ago) |
Affected | >= 7.0.0, <= 7.0.1 | | CVE-2019-14910 | MAVEN:GHSA-JF86-9434-F8C2 | Keycloak Authentication Error | critical | 2022-05-24T17:02:42 (2 years ago) |
Affected | >= 10.0.0, < 18.0.0 | | | MAVEN:GHSA-M98G-63QJ-FP8J | Reflected XSS on clients-registrations endpoint | moderate | 2022-04-28T21:01:28 (2 years ago) |
Fixed | = 18.0.0 | | | MAVEN:GHSA-M98G-63QJ-FP8J | Reflected XSS on clients-registrations endpoint | moderate | 2022-04-28T21:01:28 (2 years ago) |
Affected | < 13.0.0 | | CVE-2020-1725 | MAVEN:GHSA-P225-PC2X-4JPM | Incorrect Authorization in keycloak | moderate | 2022-02-09T00:58:52 (2 years ago) |
Fixed | = 13.0.0 | | CVE-2020-1725 | MAVEN:GHSA-P225-PC2X-4JPM | Incorrect Authorization in keycloak | moderate | 2022-02-09T00:58:52 (2 years ago) |
Affected | < 3.3.0.Final | | CVE-2017-12160 | MAVEN:GHSA-QC72-GFVW-76H7 | Keycloak Oauth Implementation Error | high | 2022-05-13T01:23:16 (2 years ago) |
Fixed | = 3.3.0.Final | | CVE-2017-12160 | MAVEN:GHSA-QC72-GFVW-76H7 | Keycloak Oauth Implementation Error | high | 2022-05-13T01:23:16 (2 years ago) |
Affected | <= 7.0.1 | | CVE-2020-1717 | MAVEN:GHSA-RVFC-G8J5-9CCF | Generation of Error Message Containing Sensitive Information in Keycloak | low | 2022-02-09T00:59:06 (2 years ago) |
Affected | < 3.4.0 | | CVE-2017-12158 | MAVEN:GHSA-V38P-MQQ3-M6V5 | Keycloak Reflected XSS | moderate | 2022-05-13T01:38:14 (2 years ago) |
Fixed | = 3.4.0 | | CVE-2017-12158 | MAVEN:GHSA-V38P-MQQ3-M6V5 | Keycloak Reflected XSS | moderate | 2022-05-13T01:38:14 (2 years ago) |
Affected | < 19.0.2 | | CVE-2022-2256 | MAVEN:GHSA-W9MF-83W3-FV49 | Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles | moderate | 2022-09-23T16:32:51 (2 years ago) |
Fixed | = 19.0.2 | | CVE-2022-2256 | MAVEN:GHSA-W9MF-83W3-FV49 | Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles | moderate | 2022-09-23T16:32:51 (2 years ago) |
Affected | < 19.0.2 | | CVE-2022-2668 | MAVEN:GHSA-WF7G-7H6H-678V | Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console | high | 2022-09-23T16:32:32 (2 years ago) |
Fixed | = 19.0.2 | | CVE-2022-2668 | MAVEN:GHSA-WF7G-7H6H-678V | Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console | high | 2022-09-23T16:32:32 (2 years ago) |
Affected | < 13.0.0 | | CVE-2021-3513 | MAVEN:GHSA-XV7H-95R7-595J | Incorrect implementation of lockout feature in Keycloak | high | 2022-08-23T00:00:17 (2 years ago) |
Fixed | = 13.0.0 | | CVE-2021-3513 | MAVEN:GHSA-XV7H-95R7-595J | Incorrect implementation of lockout feature in Keycloak | high | 2022-08-23T00:00:17 (2 years ago) |