[MAVEN:GHSA-8HC5-RMGF-QX6P] Keycloak vulnerable to LDAP Injection on UsernameForm Login
Severity
Low
Affected Packages
2
Fixed Packages
2
CVEs
1
A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.
| Package | Affected Version |
|---|---|
 pkg:maven/org.keycloak/keycloak-services
|
< 23.0.1 |
|
pkg:maven/org.keycloak/keycloak-ldap-federation
|
< 23.0.1 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.keycloak/keycloak-services
|
= 23.0.1 |
|
pkg:maven/org.keycloak/keycloak-ldap-federation
|
= 23.0.1 |
- ID
- MAVEN:GHSA-8HC5-RMGF-QX6P
- Severity
- low
- URL
- https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
- Published
-
2023-11-29T21:33:07
(9 months ago) - Modified
-
2023-11-30T08:19:53
(9 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.keycloak/keycloak-services | org.keycloak |
keycloak-services
|
< 23.0.1 | |||
| Fixed | pkg:maven/org.keycloak/keycloak-services | org.keycloak |
keycloak-services
|
= 23.0.1 | |||
| Affected | pkg:maven/org.keycloak/keycloak-ldap-federation | org.keycloak |
keycloak-ldap-federation
|
< 23.0.1 | |||
| Fixed | pkg:maven/org.keycloak/keycloak-ldap-federation | org.keycloak |
keycloak-ldap-federation
|
= 23.0.1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |