Vulnerabilities in Keycloak

14 results
CVE-2019-14820 (MEDIUM, EPSS 0.7%): It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be

CVE-2020-10686 (MEDIUM, EPSS 0.7%): A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself.

CVE-2022-4361 (CRITICAL, EPSS 0.6%): Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC provide

CVE-2019-14832 (MEDIUM, EPSS 0.5%): A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. A

CVE-2025-9162 (MEDIUM, EPSS 0.5%): Org.keycloak/keycloak-model-storage-service: variable injection into environment variables

CVE-2025-11538 (MEDIUM, EPSS 0.5%): Keycloak-server: debug default bind address

CVE-2025-13467 (MEDIUM, EPSS 0.4%): Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation

CVE-2025-8419 (MEDIUM, EPSS 0.4%): Org.keycloak/keycloak-services: keycloak smtp inject vulnerability

CVE-2025-10939 (LOW, EPSS 0.4%): Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console

CVE-2025-10044 (MEDIUM, EPSS 0.3%): Keycloak: keycloak error_description injection on error pages

CVE-2025-12110 (MEDIUM, EPSS 0.3%): Keycloak: org.keycloak:keycloak-services: user can refresh offline session even after client's offline_access scope was removed

CVE-2025-11429 (MEDIUM, EPSS 0.2%): Keycloak-server: too long and not settings compliant session

CVE-2025-12150 (LOW, EPSS 0.2%): Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

CVE-2025-12390 (MEDIUM, EPSS 0.1%): Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id