Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-7fpj-9hr8-28vh
  • Maven/org.keycloak:keycloak-services
Keycloak vulnerable to impersonation via logout token exchange
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T18:25:59Z Fix available
GHSA-c9h6-v78w-52wj
  • Maven/org.keycloak:keycloak-services
Keycloak vulnerable to session hijacking via re-authentication
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T18:25:29Z Fix available
GHSA-72vp-xfrc-42xm
  • Maven/org.keycloak:keycloak-services
Keycloak path transversal vulnerability in redirection validation
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T18:25:08Z Fix available
GHSA-m6q9-p373-g5q8
  • Maven/org.keycloak:keycloak-services
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T18:24:38Z Fix available
GHSA-j628-q885-8gr5
  • Maven/org.keycloak:keycloak-services
Keycloak vulnerable to log Injection during WebAuthn authentication or registration
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T18:24:03Z Fix available
GHSA-46c8-635v-68r2
  • Maven/org.keycloak:keycloak-services
Keycloak Authorization Bypass vulnerability
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T17:33:29Z Fix available
GHSA-8rmm-gm28-pj8q
  • Maven/org.keycloak:keycloak-services
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T17:33:04Z Fix available
GHSA-4f53-xh3v-g8x4
  • Maven/org.keycloak:keycloak-services
Keycloak secondary factor bypass in step-up authentication
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T17:31:50Z Fix available
GHSA-mrv8-pqfj-7gp5
  • Maven/org.keycloak:keycloak-services
Keycloak path traversal vulnerability in the redirect validation
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-04-17T17:31:12Z Fix available
GHSA-r52h-fjm7-93j8
  • Maven/com.blazemeter.plugins:BlazeMeterJenkinsPlugin
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
  • 1.0-beta-1
  • 1.01-beta-2
  • 1.02-beta-3
  • 1.04-beta-1
  • 1.05-beta-1
  • 1.06-beta-1
  • 1.07-beta-1
  • ...
2024-04-17T15:30:43Z Fix available
GHSA-2wrp-6fg6-hmc5
  • Maven/org.springframework:spring-web
Spring Framework URL Parsing with Host Validation
  • 1.0
  • 1.0-rc1
  • 1.0.1
  • 1.1
  • 1.1-rc1
  • 1.1-rc2
  • 1.1.1
  • ...
2024-04-16T06:30:28Z Fix available
GHSA-79vv-vp32-gpp7
  • Maven/org.apache.kafka:kafka-metadata
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
  • 3.5.0
  • 3.5.1
  • 3.5.2
  • 3.6.0
  • 3.6.1
2024-04-12T09:33:40Z Fix available
GHSA-c2gg-4gq4-jv5j
  • Maven/org.xwiki.platform:xwiki-platform-uiextension-api
XWiki Platform remote code execution from account through UIExtension parameters
  • See details.
2024-04-10T17:16:53Z Fix available
GHSA-hf43-47q4-fhq5
  • Maven/org.xwiki.commons:xwiki-commons-velocity
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
  • 10.0
  • 10.1
  • 10.1-rc-1
  • 10.10
  • 10.10-rc-1
  • 10.11
  • 10.11-rc-1
  • ...
2024-04-10T17:16:37Z Fix available
GHSA-r5vh-gc3r-r24w
  • Maven/org.xwiki.platform:xwiki-platform-realtime-ui
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
  • See details.
2024-04-10T17:14:59Z Fix available
GHSA-cv55-v6rw-7r5v
  • Maven/org.xwiki.platform:xwiki-platform-oldcore
XWiki Platform remote code execution from account via custom skins support
  • See details.
2024-04-10T17:14:47Z Fix available