Keycloak Vulnerabilities

[Timeline chart: last year]

Version (entries per top affected version): 2.0: 5, 2.1: 5, 2.2: 5, 2.3: 5, 7.x: 5

Remediation: Official Fix 59, Temporary Fix 0, Workaround 0, Unavailable 0, Not Defined 50

Exploitability: High 0, Functional 1, Proof-of-Concept 2, Unproven 0, Not Defined 106

Access Vector: Not Defined 0, Physical 1, Local 4, Adjacent 30, Network 74

Authentication: Not Defined 0, High 7, Low 62, None 40

User Interaction: Not Defined 0, Required 33, None 76

[C3BM Index chart: last year]

Score distributions (entries per score bucket):

CVSSv3 Base: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 17, ≤5: 21, ≤6: 32, ≤7: 25, ≤8: 10, ≤9: 4, ≤10: 0
CVSSv3 Temp: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 18, ≤5: 20, ≤6: 33, ≤7: 27, ≤8: 6, ≤9: 4, ≤10: 0
VulDB: ≤1: 0, ≤2: 0, ≤3: 5, ≤4: 25, ≤5: 28, ≤6: 28, ≤7: 11, ≤8: 10, ≤9: 2, ≤10: 0
NVD: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 2, ≤5: 11, ≤6: 13, ≤7: 18, ≤8: 13, ≤9: 10, ≤10: 7
CNA: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 2, ≤5: 8, ≤6: 2, ≤7: 5, ≤8: 4, ≤9: 2, ≤10: 4
Vendor: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0
Research: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

0-day exploit price ($): <1k: 23, <2k: 72, <5k: 8, <10k: 3, <25k: 3, <50k: 0, <100k: 0, ≥100k: 0
Today's exploit price ($): <1k: 102, <2k: 6, <5k: 0, <10k: 1, <25k: 0, <50k: 0, <100k: 0, ≥100k: 0

[Exploit Market Volume chart: last year]

[CTI Activity chart]

Affected Versions (62): 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 1, 1.0.1, 1.0.2, 1.0.3, 2, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 3.0, 3.2.1.Final, 3.4, 3.4.1, 3.4.3.Final, 4.0, 4.0.0.Beta2, 4.2.1.Final, 4.3.0.Final, 4.8, 4.8.1, 4.8.2, 6, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8, 8.0, 8.0.1, 8.0.2, 9, 9.0, 9.0.1, 10.0, 10.0.1, 11.0, 11.0.3, 12, 12.0, 12.0.1, 13.0, 15.0, 15.1, 20.0, 20.0.1, 20.0.2, 22.0.5

Published | Base | Temp | Vulnerability | 0-day | Today | Exploit | Fix | CTI | CVE
2024-04-17 | 5.7 | 5.7 | Keycloak redirect_uri Redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26 | CVE-2024-2419
2024-04-16 | 3.5 | 3.5 | Keycloak SAML cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2023-6717
2024-04-16 | 3.5 | 3.5 | Keycloak checkLoginIframe privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.17 | CVE-2024-1249
2024-04-16 | 3.5 | 3.5 | Keycloak URL Redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2024-1132
2024-04-16 | 3.5 | 3.5 | Keycloak Client Registration privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2023-6544
2024-04-16 | 5.5 | 5.5 | Keycloak Token Type Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2023-0657
2024-04-16 | 6.3 | 6.3 | Keycloak Client Step-Up Authentication weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2023-3597
2024-02-21 | 3.6 | 3.4 | Keycloak Account Lockout denial of service | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2024-1722
2024-02-21 | 5.5 | 5.5 | Keycloak weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.22 | CVE-2023-6787
2023-12-18 | 4.7 | 4.7 | Red Hat Keycloak JARM Response Redirect | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2023-6927
2023-12-15 | 4.3 | 4.1 | JBoss KeyCloak lowerCaseHostname Redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-6291
2023-12-15 | 7.1 | 6.9 | Red Hat keycloak/Single Sign-On/Middleware Container/ Admin User Interface denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-6563
2023-12-12 | 4.5 | 4.5 | JBoss KeyCloak Incomplete Fix CVE-2020-10748 cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2023-6134
2023-12-04 | 4.3 | 4.3 | JBoss KeyCloak WebAuthn privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2023-6484
2023-11-30 | 5.5 | 5.3 | Keycloak Login privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-2232
2023-09-13 | 6.5 | 6.5 | Keycloak User Registration weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2023-4918
2023-06-28 | 6.5 | 6.5 | Keycloak URL Scheme cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-4361
2023-06-27 | 5.5 | 5.5 | Keycloak Device privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2023-2585
2023-06-27 | 4.6 | 4.6 | Keycloak mTLS Authentication weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2023-2422
2023-05-23 | 5.7 | 5.7 | keycloak weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2023-1664
2023-04-28 | 7.7 | 7.6 | HYPR Keycloak Authenticator Extension weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2023-1477
2023-03-03 | 4.9 | 4.7 | keycloak-connect Node.js Adapter Redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-2237
2023-03-03 | 5.5 | 5.3 | Keycloak weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2023-0264
2023-03-01 | 3.5 | 3.4 | Keycloak OpenID Connect Login Service cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-4137
2023-03-01 | 3.5 | 3.3 | Keycloak cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2022-1438

84 more entries not shown
