CLEANSTART-2026-FA60324
See a problem?- Import Source
- https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-FA60324.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLEANSTART-2026-FA60324
- Upstream
- Published
- 2026-04-15T00:42:39.375533Z
- Modified
- 2026-04-15T05:46:18.606775Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session
- Details
-
Multiple security vulnerabilities affect the keycloak package. It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. See references for individual vulnerability details.
- References
-
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FA60324.json
- https://osv.dev/vulnerability/CVE-2017-12158
- https://osv.dev/vulnerability/CVE-2017-12159
- https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj
- https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr
- https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6
- https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624
- https://osv.dev/vulnerability/ghsa-72hv-8253-57qq
- https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4
- https://osv.dev/vulnerability/ghsa-9342-92gg-6v29
- https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q
- https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49
- https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c
- https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54
- https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v
- https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8
- https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv
- https://nvd.nist.gov/vuln/detail/CVE-2017-12158
- https://nvd.nist.gov/vuln/detail/CVE-2017-12159