Keycloak Vulnerabilities

Timeline

Last year

Version

2.0: 5
2.1: 5
2.2: 5
2.3: 5
7.x: 5

Countermeasures

Official Fix: 59
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 50

Exploitability

High: 0
Functional: 1
Proof-of-Concept: 2
Unproven: 0
Not Defined: 106

Access Vector

Not Defined: 0
Physical: 1
Local: 4
Adjacent: 30
Network: 74

Authentication

Not Defined: 0
High: 7
Low: 62
None: 40

User Interaction

Not Defined: 0
Required: 33
None: 76

C3BM Index

Last year

| Score | CVSSv3 Base | CVSSv3 Temp | VulDB | NVD | CNA | Vendor | Research |
|---|---|---|---|---|---|---|---|
| ≤1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤3 | 0 | 1 | 5 | 1 | 0 | 0 | 0 |
| ≤4 | 17 | 18 | 25 | 2 | 2 | 0 | 0 |
| ≤5 | 21 | 20 | 28 | 11 | 8 | 0 | 0 |
| ≤6 | 32 | 33 | 28 | 13 | 2 | 0 | 0 |
| ≤7 | 25 | 27 | 11 | 18 | 5 | 0 | 0 |
| ≤8 | 10 | 6 | 10 | 13 | 4 | 0 | 0 |
| ≤9 | 4 | 4 | 2 | 10 | 2 | 0 | 0 |
| ≤10 | 0 | 0 | 0 | 7 | 4 | 0 | 0 |

| Price | Exploit 0-day | Exploit Today |
|---|---|---|
| <1k | 23 | 103 |
| <2k | 72 | 5 |
| <5k | 8 | 0 |
| <10k | 3 | 1 |
| <25k | 3 | 0 |
| <50k | 0 | 0 |
| <100k | 0 | 0 |
| ≥100k | 0 | 0 |

Exploit Market Volume

Last year

🔴 CTI Activities

Affected Versions (62): 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 1, 1.0.1, 1.0.2, 1.0.3, 2, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 3.0, 3.2.1.Final, 3.4, 3.4.1, 3.4.3.Final, 4.0, 4.0.0.Beta2, 4.2.1.Final, 4.3.0.Final, 4.8, 4.8.1, 4.8.2, 6, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8, 8.0, 8.0.1, 8.0.2, 9, 9.0, 9.0.1, 10.0, 10.0.1, 11.0, 11.0.3, 12, 12.0, 12.0.1, 13.0, 15.0, 15.1, 20.0, 20.0.1, 20.0.2, 22.0.5

| Published | Base | Temp | Vulnerability | 0day | Today | Exploitability | Countermeasure | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 17/04/2024 | 5.7 | 5.7 | Keycloak redirect_uri Redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2024-2419 |
| 16/04/2024 | 3.5 | 3.5 | Keycloak SAML cross-site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2023-6717 |
| 16/04/2024 | 3.5 | 3.5 | Keycloak checkLoginIframe privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2024-1249 |
| 16/04/2024 | 3.5 | 3.5 | Keycloak URL Redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2024-1132 |
| 16/04/2024 | 3.5 | 3.5 | Keycloak Client Registration privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2023-6544 |
| 16/04/2024 | 5.5 | 5.5 | Keycloak Token Type Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2023-0657 |
| 16/04/2024 | 6.3 | 6.3 | Keycloak Client Step-Up Authentication weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2023-3597 |
| 21/02/2024 | 3.6 | 3.4 | Keycloak Account Lockout denial of service | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2024-1722 |
| 21/02/2024 | 5.5 | 5.5 | Keycloak weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2023-6787 |
| 18/12/2023 | 4.7 | 4.7 | Red Hat Keycloak JARM Response Redirect | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2023-6927 |
| 15/12/2023 | 4.3 | 4.1 | JBoss KeyCloak lowerCaseHostname Redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-6291 |
| 15/12/2023 | 7.1 | 6.9 | Red Hat keycloak/Single Sign-On/Middleware Container/ Admin User Interface denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-6563 |
| 12/12/2023 | 4.5 | 4.5 | JBoss KeyCloak Incomplete Fix CVE-2020-10748 cross-site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2023-6134 |
| 04/12/2023 | 4.3 | 4.3 | JBoss KeyCloak WebAuthn privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2023-6484 |
| 30/11/2023 | 5.5 | 5.3 | Keycloak Login privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-2232 |
| 13/09/2023 | 6.5 | 6.5 | Keycloak User Registration weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2023-4918 |
| 28/06/2023 | 6.5 | 6.5 | Keycloak URL Scheme cross-site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-4361 |
| 27/06/2023 | 5.5 | 5.5 | Keycloak Device privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2023-2585 |
| 27/06/2023 | 4.6 | 4.6 | Keycloak mTLS Authentication weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2023-2422 |
| 23/05/2023 | 5.7 | 5.7 | keycloak weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2023-1664 |
| 28/04/2023 | 7.7 | 7.6 | HYPR Keycloak Authenticator Extension weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2023-1477 |
| 03/03/2023 | 4.9 | 4.7 | keycloak-connect Node.js Adapter Redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-2237 |
| 03/03/2023 | 5.5 | 5.3 | Keycloak weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2023-0264 |
| 01/03/2023 | 3.5 | 3.4 | Keycloak OpenID Connect Login Service cross-site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-4137 |
| 01/03/2023 | 3.5 | 3.3 | Keycloak cross-site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2022-1438 |

84 additional entries are not shown
