[MAVEN:GHSA-8HC5-RMGF-QX6P] Keycloak vulnerable to LDAP Injection on UsernameForm Login
Severity: Low
Affected Packages: 2
Fixed Packages: 2
CVEs: 1
A flaw was found in the Keycloak package. It allows an attacker to take advantage of an LDAP query to access existing usernames in the server.
Package | Affected Version |
---|---|
pkg:maven/org.keycloak/keycloak-services | < 23.0.1 |
pkg:maven/org.keycloak/keycloak-ldap-federation | < 23.0.1 |
Package | Fixed Version |
---|---|
pkg:maven/org.keycloak/keycloak-services | = 23.0.1 |
pkg:maven/org.keycloak/keycloak-ldap-federation | = 23.0.1 |
- ID: MAVEN:GHSA-8HC5-RMGF-QX6P
- Severity: low
- URL: https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
- Published: 2023-11-29T21:33:07 (9 months ago)
- Modified: 2023-11-30T08:19:53 (9 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.keycloak/keycloak-services | org.keycloak | keycloak-services | < 23.0.1 | | | |
Fixed | pkg:maven/org.keycloak/keycloak-services | org.keycloak | keycloak-services | = 23.0.1 | | | |
Affected | pkg:maven/org.keycloak/keycloak-ldap-federation | org.keycloak | keycloak-ldap-federation | < 23.0.1 | | | |
Fixed | pkg:maven/org.keycloak/keycloak-ldap-federation | org.keycloak | keycloak-ldap-federation | = 23.0.1 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|